What is CVE-2026-5066?

CVE-2026-5066 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Write. CVSS score: 6.3/10. Published 2026-06-04.

How severe is CVE-2026-5066?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Buffer overflow in Zephyrproject-rtos Zephyr

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Zephyrproject-rtos Zephyr

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

vulnerabilities@zephyrproject.org

Frequently asked questions

What is CVE-2026-5066?: CVE-2026-5066 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Write. CVSS score: 6.3/10. Published 2026-06-04.
How severe is CVE-2026-5066?: Medium severity. CVSS v3 base score is 6.3 out of 10.