HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-47147 — In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server...

·Source: NIST NVD

Updated:

Executive Summary

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.

Analysis

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted. CVSS Score: 7.1. Published: 2026-06-25T14:16:40.810.

Indicators of Compromise (1)

CVE (1)
CVE-2026-47147
Source Attribution

Originally published by NIST NVD on Jun 25, 2026. Verified by: NIST.

Related Threats