CVE-2026-10672
CVE-2026-10672 affects Zephyr LwM2M firmware pull: code copies the firmware-package URI into a fixed 128-byte buffer without length validation, using memcpy for an up-to 254-character URI. The server-supplied URI is stored in a 255-byte object buffer; only the first 128 bytes are copied into cont...