CVE-2026-47154
Undergoing Analysis Undergoing Analysis - In Progress
Out-of-Bounds Read in EmberZNet Stack

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Silicon Graphics (SGI)

Description
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-47154
EUVD
EUVD-2026-39354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
silicon_labs emberznet 9.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in EmberZNet v9.0.2 and earlier involves out-of-bounds reads triggered by malformed GetProfileResponse messages, which can cause process termination. However, no information leakage back to the sender was observed.

Since there is no observed information leakage or data exposure, the vulnerability does not directly impact compliance with data protection standards such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in EmberZNet version 9.0.2 and earlier. It occurs when a malformed GetProfileResponse message is processed. Specifically, the message can cause out-of-bounds reads while iterating through interval entries, which can lead to the termination of the process handling the message.

The malformed messages must come from a device that has already joined the network, and only devices that support the Simple Metering cluster are potentially affected.

No information leakage back to the sender was observed as part of this vulnerability.

Impact Analysis

The primary impact of this vulnerability is that it can cause the affected process to terminate unexpectedly due to out-of-bounds reads triggered by malformed messages.

This could lead to denial of service conditions on devices running EmberZNet that support the Simple Metering cluster, potentially disrupting normal operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47154. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart