CVE-2026-10640 | zephyrproject zephyr up to 4.4.x subsys/net/ip/ipv6_nbr.c use after free (GHSA-r74c-mr4m-7g9g)

A vulnerability classified as critical was found in zephyrproject zephyr up to 4.4.x. This impacts the function net_ipv6_send_na/net_ipv6_send_ns/net_ipv6_send_rs of the file subsys/net/ip/ipv6_nbr.c. Such manipulation leads to use after free.

This vulnerability is documented as CVE-2026-10640. The attack requires being on the local network. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More