CVE-2026-47149
Undergoing Analysis - In Progress
Door Lock Cluster Out-of-Bounds Read in EmberZNet

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Silicon Graphics (SGI)

Description
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
silabs | emberznet | 9.0.2
silabs | emberznet | to 9.0.2 (exc)
CWE ID | Description
CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability exists in EmberZNet version 9.0.2 and earlier. It occurs when malformed or out-of-range Door Lock user identifiers are processed, which can cause out-of-bounds table reads and lead to the termination of the process.

The triggering messages must come from a device that has already joined the network, and only devices that support the Door Lock cluster may be impacted. No information leakage back to the sender was observed.

Impact Analysis

Exploitation of this vulnerability can cause the affected process to terminate unexpectedly due to out-of-bounds reads triggered by malformed Door Lock user identifiers.

This could lead to denial of service conditions on devices supporting the Door Lock cluster within the network.
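Both input classes named in the description, malformed and out-of-range user identifiers, can be rejected before any table access. The following C code is an added example, not EmberZNet code: the table size, struct, function names and the 2-byte little-endian user ID layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USER_TABLE_SIZE 8  /* hypothetical capacity, not a value from the advisory */

typedef struct { uint8_t status; uint8_t type; } user_entry_t;  /* hypothetical */
static user_entry_t user_table[USER_TABLE_SIZE];

typedef enum { LOOKUP_OK = 0, LOOKUP_MALFORMED, LOOKUP_OUT_OF_RANGE } lookup_result_t;

/* CWE-125 pattern, shown for contrast only: trusts both the payload length
 * and the decoded index, so a short payload or a large ID reads out of bounds. */
const user_entry_t *lookup_user_unchecked(const uint8_t *payload)
{
    uint16_t user_id = (uint16_t)(payload[0] | (payload[1] << 8));
    return &user_table[user_id];
}

/* Hardened form: check payload length, then index range, then dereference.
 * Returns a status so the caller can send an error reply and keep running. */
lookup_result_t lookup_user_checked(const uint8_t *payload, size_t len,
                                    const user_entry_t **out)
{
    *out = NULL;
    if (payload == NULL || len < 2)
        return LOOKUP_MALFORMED;            /* truncated: no full user ID */
    /* Assumed layout: user ID is the first two bytes, little-endian. */
    uint16_t user_id = (uint16_t)(payload[0] | (payload[1] << 8));
    if (user_id >= USER_TABLE_SIZE)
        return LOOKUP_OUT_OF_RANGE;         /* index past end of table */
    *out = &user_table[user_id];
    return LOOKUP_OK;
}

int main(void)
{
    /* Constructed sample payloads: in range, one past the end, maximum ID. */
    const uint8_t samples[][2] = { {0x03, 0x00}, {0x08, 0x00}, {0xFF, 0xFF} };
    const user_entry_t *e;
    for (size_t i = 0; i < 3; i++)
        printf("id bytes %02x %02x -> %d\n", samples[i][0], samples[i][1],
               (int)lookup_user_checked(samples[i], 2, &e));
    printf("truncated -> %d\n", (int)lookup_user_checked(samples[0], 1, &e));
    return 0;
}
```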

Compliance Impact

The vulnerability in EmberZNet v9.0.2 and earlier involves out-of-bounds table reads triggered by malformed or out-of-range Door Lock user identifiers. However, these messages must come from devices already joined to the network, and no information leakage back to the sender was observed.

Given that no information leakage was observed, there is no direct indication from the provided information that this vulnerability leads to unauthorized data exposure or breaches that would impact compliance with standards such as GDPR or HIPAA.

Therefore, based on the available data, this vulnerability does not appear to directly affect compliance with common data protection regulations.
