A vulnerability described as problematic has been identified in zephyrproject zephyr up to 4.4.x . The affected element is the function unicast_client_ep_qos_state of the file subsys/bluetooth/audio/bap_unicast_client.c . Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2026-10593 . The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.