A vulnerability was found in ZephyrProject Zephyr up to 4.4.x. It has been declared as critical. This affects the function wg_process_data_message of the file subsys/net/lib/wireguard/wg_crypto.c of the component WireGuard Subsystem. The manipulation of the argument data_len results in out-of-bounds write.

This vulnerability is known as CVE-2026-10665. It is possible to launch the attack remotely. No exploit is available.