A vulnerability marked as problematic has been reported in Zephyr Project Zephyr up to 4.4.x. This impacts the function
udc_event_xfer_out_done of the file drivers/usb/udc/udc_max32.c. This manipulation of the argument actlen causes null pointer dereference.
The identification of this vulnerability is CVE-2026-10656. The attack can only be executed locally. There is no exploit available.