A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x . The impacted element is the function getaddrinfo of the file subsys/net/lib/sockets/getaddrinfo.c . The manipulation of the argument ai_arr[] leads to use after free. This vulnerability is listed as CVE-2026-10646 . The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.