A vulnerability classified as critical has been found in zephyrproject-rtos Zephyr up to 4.3.0 . This affects the function bt_mesh_sol_recv of the file subsys/bluetooth/mesh/solicitation.c . Performing a manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-5589 . The attack must originate from the local network. There is no exploit available.