{"vulnerability": "CVE-2026-10646", "sightings": [{"uuid": "c09c1629-69f6-411c-8c72-f4637630d0d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10646", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpdcbiet3q2v", "content": "Zephyr (4.0.0 \u2013 4.4.0) faces a HIGH severity use-after-free vuln (CVE-2026-10646). Attackers can trigger crashes via spoofed DNS replies. Patch pending \u2014 review exposure now. https://radar.offseq.com/threat/cve-2026-10646-use-after-free-in-zephyrproject-zep-22335ff5e2d4e43d #OffSeq #Zephyr #Vuln", "creation_timestamp": "2026-06-28T06:00:28.295415Z"}, {"uuid": "28033294-6171-4c25-bed0-2fdcf0a743bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10646", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpddktd5em27", "content": "CVE-2026-10646 - Use-after-return in `zsock_getaddrinfo()` when a timed-out DNS query is retried without cancellation\nCVE ID : CVE-2026-10646\n \n Published : June 28, 2026, 4:04 a.m. | 1\u00a0hour, 41\u00a0minutes ago\n \n Description : Zephyr's BSD-sockets getaddrinfo() implementation (su...", "creation_timestamp": "2026-06-28T06:23:34.113505Z"}, {"uuid": "7aa1ca41-e660-41ae-8747-8567e90f9385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10646", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mpdfhoopcg2d", "content": "Zephyr v4.0.0-v4.4.0\u306egetaddrinfo()\u5b9f\u88c5\u306b\u3001DNS\u30af\u30a8\u30ea\u3067\u30b9\u30bf\u30c3\u30af\u9818\u57df\u3092\u8aa4\u3063\u3066\u4f7f\u7528\u3059\u308b\u8106\u5f31\u6027\u304c\u3042\u308b\u3002\u653b\u6483\u8005\u306f\u3053\u308c\u3092\u5229\u7528\u3057\u3001\u30b5\u30fc\u30d3\u30b9\u59a8\u5bb3\u3084\u30e1\u30e2\u30ea\u7834\u58ca\u3092\u5f15\u304d\u8d77\u3053\u3059\u53ef\u80fd\u6027\u304c\u2026\nCVE-2026-10646 CVSS 7.4 | HIGH", "creation_timestamp": "2026-06-28T06:57:36.208420Z"}, {"uuid": "da79f413-8742-41be-9185-3cf580335b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10646", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mpfphxar7f26", "content": "Daily IT Security Digest \u2014 2026-06-29\nSystem (CVSS 6.9). Tenda JD12L routers have a HIGH severity stack buffer overflow (CVE-2026-13517, CVSS ~7.5) exploitable remotely. Meanwhile, Zephyr RTOS 4.0.0\u20134.4.0 has CVE-2026-10646 (CVSS 7.4), a use-after-free in getaddrinfo().", "creation_timestamp": "2026-06-29T05:02:01.919234Z"}, {"uuid": "7530474b-2a2c-4116-bd98-963d55cc2386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10646", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mphe6lcdtf25", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-10646 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 getaddrinfo() \u0432 Zephyr: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/C564DED5-D5CF-424D-BC7F-ACF27E5F6442", "creation_timestamp": "2026-06-29T20:45:15.540420Z"}]}