A vulnerability labeled as problematic has been found in zephyrproject zephyr up to 4.4.x. This vulnerability affects the function
mcumgr_serial_process_frag of the file subsys/mgmt/mcumgr/transport/src/serial_util.c. Such manipulation of the argument len leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2026-10648. Local access is required to approach this attack. No exploit exists.
The affected component should be upgraded.