CVE-2026-9263 | zephyrproject zephyr up to 4.4.x isoal.c isoal_check_seg_header length out-of-bounds (GHSA-6gvp-pmh8-fjh2)

A vulnerability classified as problematic has been found in zephyrproject zephyr up to 4.4.x. This affects the function isoal_check_seg_header of the file subsys/bluetooth/controller/ll_sw/isoal.c. Performing a manipulation of the argument length results in out-of-bounds read.

This vulnerability is reported as CVE-2026-9263. The attacker must have access to the local network to execute the attack. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More