A vulnerability identified as problematic has been detected in zephyrproject zephyr up to 4.4.x. Affected by this vulnerability is the function
usbh_device_disconnect of the file subsys/usb/host/usbh_device.c of the component USB Host Stack. Performing a manipulation of the argument root results in use after free.
This vulnerability was named CVE-2026-10663. The attack needs to be approached locally. There is no available exploit.