CVE-2026-1679 in zephyrproject-rtos Zephyr
Summary
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
Responsible
zephyr
Reservation
01/30/2026
Disclosure
03/28/2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Prod | Exp | Cou | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/28/2026 | 6.3 | 6.2 | zephyrproject-rtos Zephyr Eswifi Socket Offload Driver buffer overflow | 120 | Project Management Software | Not defined | Official fix | 0.00035 | 1.49 | CVE-2026-1679 |