CVE-2026-47154
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries, resulting in process termination. These messages must come from a device that has already joined the network.
Risk Assessment
The risk to the organization involves potential process failures related to device handling, which may lead to system downtime. No information leakage back to the sender was observed.
Recommendation
It is recommended to update to the latest version of EmberZNet to minimize the risk associated with this vulnerability. Additionally, monitor devices supporting the Simple Metering cluster.
Original NVD description (English source)
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.

