CVE-2026-47148
Analyzed Analyzed - Analysis Complete

Buffer Overflow in EmberZNet via Malformed GetGroupMembership Command

Vulnerability report for CVE-2026-47148, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Silicon Graphics (SGI)

Description

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
silabs emberznet to 9.0.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in EmberZNet v9.0.2 and earlier involves malformed GetGroupMembership commands causing process termination without observed information leakage back to the sender.

Since no information leakage was observed, the vulnerability does not directly expose personal or sensitive data.

However, the denial of service caused by process termination could impact system availability, which is a factor in compliance with standards like GDPR and HIPAA that require ensuring availability and integrity of systems.

Overall, while the vulnerability does not appear to cause data breaches, its impact on system stability could have indirect compliance implications related to availability requirements.

Executive Summary

This vulnerability exists in EmberZNet version 9.0.2 and earlier. It involves malformed GetGroupMembership commands that can cause the system to repeatedly read beyond the end of the message payload, which results in the termination of the process. The issue only affects devices that have already joined the network and support the Groups cluster. Importantly, no information leakage back to the sender was observed.

Impact Analysis

The impact of this vulnerability is that an attacker who sends malformed GetGroupMembership commands from a device already joined to the network can cause the affected process to terminate unexpectedly. This could lead to denial of service conditions on the affected device. However, no information leakage to the attacker has been observed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47148. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart