Tag
A public Proof of Concept (PoC) is available for CVE-2026-10672, an out-of-bounds read vulnerability in the LwM2M firmware update component of Zephyr RTOS versions 3.0.0 through 4.4.0, allowing an attacker to exfiltrate up to 13 bytes of sensitive data from adjacent memory via crafted CoAP requests, significantly elevating risk for unpatched IoT and embedded systems.