A vulnerability described as critical has been identified in Zephyr Project Zephyr up to 4.4.x. This affects the function notify_handler of the file subsys/bluetooth/audio/bap_broadcast_assistant.c of the component Broadcast Assistant. Executing a manipulation of the argument offset can lead to out-of-bounds write.

This vulnerability is registered as CVE-2026-10660. It is possible to launch the attack remotely. No exploit is available.