What is CVE-2026-10645?

CVE-2026-10645 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Read. CVSS score: 4.9/10. Published 2026-06-23.

How severe is CVE-2026-10645?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Out-of-bounds Read in Zephyrproject-rtos Zephyr

CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), the code only checks de_n…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H.

Affected products

Zephyrproject-rtos Zephyr

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

vulnerabilities@zephyrproject.org

Frequently asked questions

What is CVE-2026-10645?: CVE-2026-10645 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Read. CVSS score: 4.9/10. Published 2026-06-23.
How severe is CVE-2026-10645?: Medium severity. CVSS v3 base score is 4.9 out of 10.