CVE-2026-47148
Undergoing Analysis - In Progress
Buffer Overflow in EmberZNet via Malformed GetGroupMembership Command

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Silicon Graphics (SGI)

Description
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
silabs | emberznet | to 9.0.2 (exc)
CWE ID | Description
CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer.
Compliance Impact

The vulnerability in EmberZNet v9.0.2 and earlier involves malformed GetGroupMembership commands causing process termination without observed information leakage back to the sender.

Since no information leakage was observed, the vulnerability does not directly expose personal or sensitive data.

However, the denial of service caused by process termination could impact system availability, which is a factor in compliance with standards like GDPR and HIPAA that require ensuring availability and integrity of systems.

Overall, while the vulnerability does not appear to cause data breaches, its impact on system stability could have indirect compliance implications related to availability requirements.

Executive Summary

This vulnerability exists in EmberZNet version 9.0.2 and earlier. Malformed GetGroupMembership commands can cause the process to repeatedly read beyond the end of the message payload, which results in the termination of the process. The malformed messages must come from a device that has already joined the network, and only devices that support the Groups cluster may be impacted. Importantly, no information leakage back to the sender was observed.

Impact Analysis

The impact of this vulnerability is that an attacker who sends malformed GetGroupMembership commands from a device already joined to the network can cause the affected process to terminate unexpectedly. This could lead to denial of service conditions on the affected device. However, no information leakage to the attacker has been observed.
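
The kind of check that prevents the out-of-bounds read described above, as an added example (not EmberZNet code and not from the advisory): a bounds-checked parser for the ZCL Groups cluster Get Group Membership payload, which is a one-byte group count followed by that many 16-bit group IDs. The page does not say which field is mishandled; the function names, result codes and sample payloads here are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes are hypothetical names, not EmberZNet's. */
enum { GGM_OK = 0, GGM_TRUNCATED = -1, GGM_TOO_MANY = -2 };

/* Get Group Membership payload per the ZCL Groups cluster:
 *   byte 0   group count (uint8)
 *   then     group count x group ID (uint16, little-endian)
 * Every read is checked against payload_len before it happens. */
int ggm_parse(const uint8_t *payload, size_t payload_len,
              uint16_t *ids_out, size_t ids_cap, size_t *n_out)
{
    *n_out = 0;
    if (payload == NULL || payload_len < 1)
        return GGM_TRUNCATED;               /* no count byte */
    size_t count = payload[0];
    if ((payload_len - 1) / 2 < count)      /* count claims more IDs than sent */
        return GGM_TRUNCATED;
    if (count > ids_cap)
        return GGM_TOO_MANY;                /* caller's table is smaller */
    for (size_t i = 0; i < count; i++) {
        size_t off = 1 + 2 * i;             /* off + 1 < payload_len holds here */
        ids_out[i] = (uint16_t)(payload[off] | (payload[off + 1] << 8));
    }
    *n_out = count;
    return GGM_OK;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t GGM_GOOD[]  = { 0x02, 0x01, 0x00, 0x34, 0x12 };
static const uint8_t GGM_SHORT[] = { 0x05, 0x01, 0x00 };  /* count 5, one ID */
static const uint8_t GGM_HALF[]  = { 0x01, 0x01 };        /* half an ID */

/* Convenience wrapper: status only, IDs discarded. */
int ggm_status(const uint8_t *p, size_t len)
{
    uint16_t ids[8];
    size_t n;
    return ggm_parse(p, len, ids, 8, &n);
}

int main(void)
{
    printf("good=%d short=%d half=%d\n", ggm_status(GGM_GOOD, sizeof GGM_GOOD),
           ggm_status(GGM_SHORT, sizeof GGM_SHORT),
           ggm_status(GGM_HALF, sizeof GGM_HALF));
    return 0;
}
```

A frame that fails the length check is dropped before any group ID is read, so a short or inconsistent payload costs one comparison instead of a read past the buffer.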
