What is CVE-2026-5589?

CVE-2026-5589 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Write. CVSS score: 6.3/10. Published 2026-06-04.

How severe is CVE-2026-5589?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Buffer overflow in Zephyrproject-rtos Zephyr

CVE-2026-5589

An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitati…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Zephyrproject-rtos Zephyr

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

vulnerabilities@zephyrproject.org

Frequently asked questions

What is CVE-2026-5589?: CVE-2026-5589 is a medium-severity vulnerability in Zephyrproject-rtos Zephyr, classified under Out-of-bounds Write. CVSS score: 6.3/10. Published 2026-06-04.
How severe is CVE-2026-5589?: Medium severity. CVSS v3 base score is 6.3 out of 10.