What is CVE-2026-5068?

CVE-2026-5068 is a high-severity vulnerability, classified under Out-of-bounds Write. CVSS score: 7.6/10. Published 2026-06-09.

How severe is CVE-2026-5068?

High severity. CVSS v3 base score is 7.6 out of 10.

CVE-2026-5068

CVE-2026-5068

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

vulnerabilities@zephyrproject.org

Frequently asked questions

What is CVE-2026-5068?: CVE-2026-5068 is a high-severity vulnerability, classified under Out-of-bounds Write. CVSS score: 7.6/10. Published 2026-06-09.
How severe is CVE-2026-5068?: High severity. CVSS v3 base score is 7.6 out of 10.