CVE-2026-1681
Received Received - Intake
Stack Overflow in Zephyr RTOS via ICMP Ping

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: Zephyr Project

Description
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-12
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-1681
EUVD
EUVD-2026-29387
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zephyrproject zephyr to 4.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1681 is a stack overflow vulnerability in the Zephyr RTOS that occurs when a ping command is issued to the device's own IPv4 address using the net shell command (e.g., `net ping 10.42.0.2`).

The vulnerability happens because the network stack recursively re-enters the input path on the same system work-queue stack when processing both the echo request and the echo reply inline. This recursive processing causes the stack frames to nest excessively, exceeding the allocated stack size and triggering a stack overflow.

When the stack overflow occurs, the Memory Protection Unit (MPU) detects the overwrite, which leads to a bus fault and causes the system to halt.

This issue is classified as CWE-674 (Uncontrolled Recursion) and has a CVSS score of 6.1, indicating a moderate severity.

Impact Analysis

This vulnerability impacts the availability and integrity of the affected system.

Specifically, the stack overflow caused by recursive processing leads to a bus fault and system halt, which means the device can crash or become unresponsive.

An attacker with local access and the ability to trigger the ping command can cause a denial of service by making the system stop functioning properly.

The vulnerability does not impact confidentiality.

Detection Guidance

This vulnerability can be detected by issuing a ping command to the device's own IPv4 address using the net shell command.

  • Use the command `net ping <device_own_IP>` (e.g., `net ping 10.42.0.2`).

If the system experiences a stack overflow, it will trigger a bus fault and cause the system to halt, indicating the presence of the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, apply the patch proposed in PR #102268 for Zephyr RTOS versions up to 4.3.

Avoid issuing ping commands to the device's own IP address until the patch is applied.

Compliance Impact

This vulnerability impacts the availability and integrity of the affected system but does not affect confidentiality.

Since it does not compromise confidentiality or expose personal data, it is unlikely to directly violate data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal data privacy and confidentiality.

However, the availability and integrity impact could indirectly affect compliance if the affected system is critical for maintaining regulatory controls or service continuity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1681. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart