What is the official website of Alfa-Bank ?

The official website of Alfa-Bank is http://www.job.alfabank.ru.

What is Alfa-Bank's cybersecurity risk score?

Alfa-Bank has an AI-generated cybersecurity risk score of 818 out of 1000, indicating a Good security posture according to Rankiteo's assessment.

How many security incidents has Alfa-Bank experienced?

According to Rankiteo, Alfa-Bank currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Alfa-Bank been affected by any supply chain cyber incidents ?

According to Rankiteo, Alfa-Bank has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Alfa-Bank have SOC 2 Type 1 certification ?

According to Rankiteo, Alfa-Bank is not certified under SOC 2 Type 1.

Does Alfa-Bank have SOC 2 Type 2 certification ?

According to Rankiteo, Alfa-Bank does not hold a SOC 2 Type 2 certification.

Does Alfa-Bank comply with GDPR ?

According to Rankiteo, Alfa-Bank is not listed as GDPR compliant.

Does Alfa-Bank have PCI DSS certification ?

According to Rankiteo, Alfa-Bank does not currently maintain PCI DSS compliance.

Does Alfa-Bank comply with HIPAA ?

According to Rankiteo, Alfa-Bank is not compliant with HIPAA regulations.

Does Alfa-Bank have ISO 27001 certification ?

According to Rankiteo,Alfa-Bank is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Alfa-Bank operate in ?

Alfa-Bank operates primarily in the Banking industry.

How many employees does Alfa-Bank have ?

Alfa-Bank employs approximately 5,410 people worldwide.

Does Alfa-Bank own any subsidiaries ?

Alfa-Bank presently has no subsidiaries across any sectors.

How many LinkedIn followers does Alfa-Bank have ?

Alfa-Bank's official LinkedIn profile has approximately followers.

What is the NAICS classification code for Alfa-Bank ?

Alfa-Bank is classified under the NAICS code 52211, which corresponds to Commercial Banking.

Does Alfa-Bank have a Crunchbase profile ?

No, Alfa-Bank does not have a profile on Crunchbase.

Does Alfa-Bank have a LinkedIn profile ?

Yes, Alfa-Bank maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/alfa-bank.

How many cybersecurity incidents has Alfa-Bank experienced ?

As of June 30, 2026, Rankiteo reports that Alfa-Bank has experienced 1 cybersecurity incidents.

How many peer or competitor companies does Alfa-Bank have ?

Alfa-Bank has an estimated 7,409 peer or competitor companies worldwide.

What types of cybersecurity incidents has Alfa-Bank faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Alfa-Bank

Boost Score +25 with badge (5 left)

818

/1000

Good

843

/1000

Good

Alfa-Bank Vendor Cyber Rating & Cyber Score

alfabank.ru

Add Your Compliance Badge

Альфа-Банк – крупнейший частный банк, входящий в топ-10 системно значимых кредитных организаций России. Ведущие рейтинговые агентства подтверждают статус лидера в банковском секторе и ежегодно присваивают Альфа-Банку высочайшие рейтинги. Кроме того, за Альфа-Банком прочно закрепился и статус самого инновационного банка. Мы работаем с 1990 года и осуществляем все виды банковских операций, представленных на рынке финансовых услуг, включая обслуживание частных и корпоративных клиентов, инвестиционный банковский бизнес, лизинг, факторинг и торговое финансирование. Во всех направлениях бизнеса за Альфа-Банком прочно закрепился статус инновационного банка. Наш банк одним из первых внедряет современные технологические решения в финансовом

Alfa-Bank A.I CyberSecurity Scoring

Scoring History

Alfa-Bank

Alfa-Bank CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Alfa-Bank

Breach

1/2026

ALFMIN176830019...

Loading…

A.I.

Alfa-Bank Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Alfa-Bank

Incidents vs Banking Industry Avg (This Year)

Alfa-Bank has 44.13% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Alfa-Bank has 5.66% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Alfa-Bank vs Banking Industry Avg (This Year)

Alfa-Bank reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.

Incident History - Alfa-Bank (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Alfa-Bank Subsidiaries

Parent Company

Alfa-Bank

Banking

Website: http://www.job.alfabank.ru

Company Size: 10,001+ employees

No subsidiary data available for this company.

Loading…

Alfa-Bank Similar Companies

Bank of China

cb boc.cn

Bank of China, include BOC Hong Kong, BOC International, BOCG Insurance and other financial institutions, providing a comprehensive range of high-quality financial services to individual and corporate customers as well as financial institutions worldwide. Over the past century, Bank of China played an important role in China’s financial history. It was established in 1912 pursuant to the approval of DR. Sun Yat-sen. In the following 37 years the Bank served as the central bank, international exchange bank and specialized foreign trade bank successively. In 1949, Bank of China became the state-designated specialized foreign exchange bank. In 2003, it was named by the State Council as one of the pilot banks for joint-stock reform of wholly state-owned commercial banks. On August 26, 2004, Bank of China Limited was formally incorporated in Beijing as a state-controlled joint stock commercial bank. Bank of China is the most internationalized commercial bank in China. BOC London Branch, the first overseas branch of the Chinese banks, was established in 1929. Currently, it had over 10000 domestic operations and over 600 overseas operations. In 1994 and 1995, Bank of China became the note issuing bank in Hong Kong and Macao respectively. The Bank prepared a new strategic development plan which was approved by the Board of Directors in March 2009. Strategic Positioning: To be a large multinational banking group based on a diversified and integrated cross-border business platform, with a core business of commercial banking. Strategic Goals: To be a leading international bank delivering growth and excellence.

Crédit Mutuel

creditmutuel.com

Un modèle mutualiste au service des clients et des salariés. Réseau bancaire mutualiste constitué de 2124 Caisses locales le Crédit Mutuel se compose de 18 fédérations régionales, couvrant tout le territoire français. Société de personnes et non de capitaux, le Crédit Mutuel n’est pas coté en Bourse. Sa stratégie est ainsi dégagée de la recherche de la seule rentabilité à court terme, au profit d’un développement pensé sur le long terme. Son objectif central : rendre un service de qualité au coût le plus juste à tous ses sociétaires. Son organisation décentralisée favorise ainsi la qualité de service aux clients et la réactivité, par des circuits de décision courts. Reconnu à la fois par ses clients et les professionnels de la finance, le Crédit Mutuel décroche régulièrement des titres qui confortent son modèle mutualiste et ses valeurs de solidarité, responsabilité, égalité, proximité et responsabilité sociale portées par les salariés et les clients- sociétaires. Au-delà de son réseau, le Crédit Mutuel constitue un Groupe qui comprend également plusieurs filiales dont certaines sont implantées à l’étranger. Les nouveaux collaborateurs du Crédit Mutuel apprécient tout particulièrement : - un circuit de recrutement court, axé sur des entretiens évaluant notamment la personnalité et la motivation ; - un parcours d’intégration précis, suivi par la fonction Ressources Humaines. Les salariés apprécient tout particulièrement : - le Système d’Information au service du développement commercial ; - un management au travers d’objectifs collectifs ; - des démarches et outils de gestion des carrières et des compétences facilitant la progression dans l’entreprise ; - la qualité des formations de préparation ou d’accompagnement des changements d’emploi ; - la diversité des opportunités d’évolution, principalement commerciale, sur tous les marchés, dans toutes les entités du Groupe.

Crédit Mutuel Alliance Fédérale

creditmutuel.fr

Bancassureur de premier plan en France avec 79 000 collaborateurs au service de 31 millions de clients, Crédit Mutuel Alliance Fédérale propose une offre multiservice à une clientèle de particuliers, de professionnels de proximité et entreprises de toutes tailles, via plus de 4 000 points de vente. Banque coopérative et mutualiste, Crédit Mutuel Alliance Fédérale regroupe les Caisses de Crédit Mutuel des Fédérations Centre Est Europe (Strasbourg), Sud-Est (Lyon), Ile-de-France (Paris), Savoie-Mont Blanc (Annecy), Midi-Atlantique (Toulouse), Loire-Atlantique et Centre Ouest (Nantes), Centre (Orléans), Normandie (Caen), Dauphiné-Vivarais (Valence), Méditerranéen (Marseille), Anjou (Angers), Massif Central (Clermont-Ferrand), Antilles-Guyane (Fort-de-France) et Nord Europe (Lille). Crédit Mutuel Alliance Fédérale regroupe également la Caisse Fédérale de Crédit Mutuel, la Banque Fédérative du Crédit Mutuel (BFCM) et l’ensemble de ses filiales, notamment le CIC, Euro-Information, les Assurances du Crédit Mutuel (ACM), TARGOBANK, Cofidis Group, Beobank, la Banque Européenne du Crédit Mutuel (BECM), Banque de Luxembourg, Banque Transatlantique et Homiris. Au Crédit Mutuel Alliance Fédérale, nous valorisons la créativité et l’envie d’entreprendre de nos collaborateurs, au travers de métiers riches et diversifiés permettant à tous les profils de s’épanouir et d’évoluer. Vous souhaitez nous rejoindre ? Retrouvez notre site carrière : https://recrutement.creditmutuel.fr/fr/index.html Découvrez nos autres réseaux sociaux : ➡️ X : https://x.com/CreditMutuelAF ➡️ Instagram : https://www.instagram.com/creditmutuelaf.recrute ➡️ YouTube : https://www.youtube.com/@creditmutuelalliancefederale

Abu Dhabi Commercial Bank

cb adcb.com

Established in 1985, ADCB places its focus on the UAE where it helps to make a significant contribution to the economy and community it serves. Our aspiration to be the number one bank of choice in the UAE is fueled by the strength and effectiveness of our strategy. Guided by our values of Integrity, Care, Ambition, Respect, and Discipline and by putting our customers at the centre of our decision-making, ADCB has become a highly-recognised brand, trusted by our stakeholders. We offer many opportunities across the organisation for those interested in pursuing a fulfilling career that enables them to work with colleagues and customers from across the world. These roles span all major areas within ADCB, from retail, commercial and investment banking to support functions such as finance, human resources, technology and marketing. At ADCB, we seek to bring out the very best from every employee. We assess performance not only on results but also on how results were achieved. We believe in doing things the ADCB way, which makes us stand out from the crowd.

ING

ing.com

ING is a pioneer in digital banking and on the forefront as one of the most innovative banks in the world. As ING, we have a clear purpose that represents our conviction of people’s potential. We don’t judge, coach, or tell people how to live their lives. However big or small, modest or grand, we empower people and businesses to realise their vision for a better future. We made the promise to make banking frictionless, removing barriers to progress, and make people confident in their financial decisions. As a global bank we have a huge opportunity – and responsibility – to make an impact for the better. We can play a role by financing change, sharing knowledge, and innovating. Being sustainable is in all the choices we make—as a lender, as a partner and through the services we offer our customers

Crédit Agricole CIB

ca-cib.com

Crédit Agricole CIB is the corporate and investment banking arm of Crédit Agricole Group, 9th largest banking group worldwide in terms of balance sheet size in 2023 (The Banker, July 2024). Nearly 8,600 employees across Europe, the Americas, Asia-Pacific, the Middle East and North Africa support Crédit Agricole CIB's clients, meeting their financial needs throughout the world. Crédit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital markets activities, investment banking, structured finance, commercial banking and international trade. The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.

VakıfBank

cb vakifbank.com.tr

1954 yılında, vakıf kaynaklarını ekonomik kalkınmanın gereksinimleri doğrultusunda en iyi biçimde değerlendirmek amacıyla kurulan VakıfBank, o günden bu yana çağdaş bankacılık yöntemleri ve uygulamalarıyla Türkiye’nin tasarruf düzeyinin gelişim sürecine katkıda bulunmaktadır. VakıfBank; bölgesinin en iyi, en çok tercih edilen ve değer yaratan bankası olma vizyonu doğrultusunda, vakıf kültüründen aldığı güçle, kendisine emanet edilen varlık ve değerleri etkin ve verimli yöneterek müşteriler, çalışanlar, hissedarlar ve topluma kattığı değerleri sürekli artırma misyonuyla hareket etmektedir. Kurumsal, ticari ve küçük işletme bankacılığının yanı sıra bireysel ve özel bankacılık alanlarında da çağdaş bankacılık ürün ve hizmetleri sunan VakıfBank, özellikle bir alanda değil, tüm finansal alanlarda uzmanlaşmış, Türkiye’nin önde gelen bankalarından biridir. Temel bankacılık ürün ve hizmetlerine ek olarak yatırım bankacılığı ve sermaye piyasası faaliyetlerinde de bulunan VakıfBank, iç ve dış ticaretin finansmanında öncü bir rol üstlenmektedir. Ayrıca, finansal iştirakleri aracılığıyla sigortacılıktan finansal kiralama ve factoring hizmetlerine kadar geniş bir yelpazede yer alan finansal ürünleri çağın gerektirdiği yüksek teknolojilerle müşterilerine sunmaktadır. VakıfBank’ın ABD New York, Kuzey Irak Erbil, Katar Doha şubelerinin yanı sıra Bahreyn’de kıyı bankacılığı şubesi bulunmaktadır. Ayrıca, Avusturya’da VakıfBank International AG (Viyana Şubesi ve Almanya’da Köln Şubesi), KKTC’de Tasfiye Halinde World Vakıf UBB. Ltd. ve Kıbrıs Vakıflar Bank. Ltd. olmak üzere yurt dışında üç bankada da iştiraki bulunmaktadır. VakıfBank’ın diğer iştirakleri arasında; Vakıf Faktoring A.Ş., Vakıf Finansal Kiralama A.Ş., Vakıf Gayrimenkul Yatırım Ortaklığı A.Ş., Vakıf Menkul Kıymet Yat. Ort. A.Ş., Vakıf Yatırım Menkul Değerler A.Ş. Vakıf Pazarlama San. ve Ticaret A.Ş., Taksim Otelcilik A.Ş., Vakıf Enerji ve Madencilik A.Ş., Vakıf Gayrimenkul Değerleme A.Ş. bulunmaktadır.

Access Bank Plc

cb accessbankplc.com

Access Bank Plc is a full service commercial Bank operating through a network of over 600 branches and service outlets located in major centres across Nigeria, Sub Saharan Africa and the United Kingdom. Listed on the Nigerian Stock Exchange in 1998, the Bank serves its various markets through 5 business segments: Institutional, Commercial, Retail Banking, Transaction Services and Financial Markets. The Bank has over 800,000 shareholders including several Nigerian and International Institutional Investors and has enjoyed what is arguably Africa’s most successful banking growth trajectory in the last ten years ranking amongst Africa’s top 15 banks by total assets and capital. As part of its continued growth strategy, Access Bank is focused on mainstreaming sustainable business practices into its operations. The Bank strives to deliver sustainable economic growth that is profitable, environmentally responsible and socially relevant. RC : 125384 Your privacy matters to us. We’re committed to protecting your personal information and being transparent about how we use it. Read up our privacy policy on our website or via: https://www.accessbankplc.com/privacy-policy

Capitec

capitecbank.co.za

Imagine simple, affordable banking solutions that work for you – just like it does for over 25 million South Africans. They’re banking smart, paying less and getting more value every day with us. As the country’s leading digital bank, we’re proud to have been voted the Coolest Bank by the youth in the 2024 Sunday Times GenNext Awards. With 880 branches and a team of over 16,900, we’re here to grow with you.

Loading…

NEWS

Alfa-Bank CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 14, 2026 01:29 PM

Fraudulent calls from "banks"/ Cybersecurity experts: Do not give out personal information

If you receive a call and someone posing as a bank employee asks for your bank card details or other personal information, do not give it to...

Read Article

November 07, 2025 08:00 AM

Saudi Arabia’s 2025 Connected Banking Summit Showcases Financial Innovation

The 22nd Connected Banking Summit – Innovation & Excellence Awards 2025 has concluded at the Radisson Blu Riyadh Convention and Exhibition...

Read Article

October 06, 2025 07:00 AM

Connected Banking Summit 2025 to Spotlight the Future of Banking in Saudi Arabia

Rabat - The International Centre for Strategic Alliances (ICSA) has announced the 22nd edition of the Connected Banking Summit - Innovation...

Read Article

August 31, 2025 07:00 AM

SentinelOne Stock: Breakthrough AI Tech Could Change Cybersecurity (NYSE:S)

SentinelOne combines strong Q2 '26 growth, standout AI-driven tech, and improving margins to build an efficient cybersecurity platform.

Read Article

August 06, 2025 07:00 AM

Russian Hackers Target BCR, Rompetrol, Hospitals and Government

Energy (2): Rompetrol, Mol România. Banking (17): Alpha Bank, Banca Transilvania, BCR, Exim Bank, the National Bank of Romania,...

Read Article

March 27, 2025 05:59 PM

Five large banks in Russia suffer major DDoS attack

Five Russian banks, including Sberbank and Alfa-Bank, have been hit by a major cyberattack, according to the country's central bank and regulator, Bank of...

Read Article

January 27, 2025 08:00 AM

A Tumultuous Week for Federal Cybersecurity Efforts

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity...

Read Article

September 13, 2024 07:00 AM

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities...

Read Article

July 27, 2024 07:00 AM

Cyberattack on Russian Banks Cause Widespread Disruption

This large-scale cyberattack on Russian banks, which began on the morning of July 23, has severely disrupted banking operations across Russia.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-8023

SUMMARY

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled request path into client-url_buffer (assembled in on_url() for HTTP/1 and copied verbatim from the :path pseudo-header for HTTP/2) without resolving ./.. segments. The static-FS handler then built the on-disk filename by directly concatenating the configured root with that raw URL (snprintk(fname, ..., "%s%s", static_fs_detail-fs_path, client-url_buffer) at http_server_http1.c:603 and http_server_http2.c:490) and opened it with fs_open(fname, FS_O_READ). Because the handler is reached via wildcard/leading-dir (fnmatch FNM_LEADING_DIR) or fallback resource matching, a request such as GET /<prefix/../../<file is dispatched to the handler and, after the underlying filesystem (e.g. LittleFS/FAT) resolves the .. segments, escapes the configured web root, letting an unauthenticated remote client read arbitrary readable files on the mounted volume (information disclosure). The HTTP server requires no TLS or authentication to reach this path. The fix adds http_server_remove_dot_segments(), which canonicalizes the path portion of the URL before resource lookup in both protocol handlers, neutralizing the traversal. Affects releases v4.0.0 through v4.4.0 for deployments that register a static-filesystem resource.

Published

Date2026-06-29

Updated

Date2026-06-29

RISK INFORMATION (Score: 7.5)

cvss3

Base Score: 7.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score

3.6

Exploitability

3.9

REFERENCES

CVE-2026-7656

SUMMARY

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was '((length/hop/source/target checks) && (icmp_hdr-code != 0))'. Because every legitimate ND message carries ICMPv6 code 0, an attacker setting code == 0 (the normal value) caused the entire predicate to evaluate false, so the packet was never dropped and all of the other checks were silently skipped. The bypassed checks include the mandatory Hop Limit == 255 verification (which proves an ND packet originated on-link and was not forwarded) and, for Router Advertisements, the requirement that the source be a link-local address, as well as multicast-target sanity checks. As a result, an adjacent on-link attacker — and, because the Hop-Limit-255 guard is bypassed, potentially a remote/off-link attacker whose packets would otherwise be rejected — can have forged Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages accepted. A forged RA lets the attacker reconfigure the victim's default router, on-link prefixes (SLAAC), MTU, reachable/retransmit timers, and (with CONFIG_NET_IPV6_RA_RDNSS) DNS servers, while forged NS/NA enable neighbor-cache poisoning, enabling man-in-the-middle, traffic redirection, and denial of service. The flaw is an input-validation/authentication weakness rather than a memory-safety issue: the underlying packet-parsing primitives (net_pkt_get_data, net_pkt_read, net_pkt_skip) are independently bounds-safe and the validated 'length' is the true buffer length, so skipping the length check causes no out-of-bounds access. The defect has existed since the logic was introduced in 2018 and shipped in all releases through v4.4.0; it is fixed by splitting the condition so any failing check drops the packet.

Published

Date2026-06-29

Updated

Date2026-06-29

RISK INFORMATION (Score: 8.1)

cvss3

Base Score: 8.1

Complexity: LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Impact Score

5.2

Exploitability

2.8

REFERENCES

CVE-2026-51219

SUMMARY

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Published

Date2026-06-29

Updated

Date2026-06-29

RISK INFORMATION (Score: )

Impact Score

Exploitability

REFERENCES

CVE-2026-51218

SUMMARY

A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Published

Date2026-06-29

Updated

Date2026-06-29

RISK INFORMATION (Score: )

Impact Score

Exploitability

REFERENCES

CVE-2026-10648

SUMMARY

mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before checking it for NULL. smp_packet_alloc() uses net_buf_alloc(K_NO_WAIT) against the shared MCUmgr packet pool (CONFIG_MCUMGR_TRANSPORT_NETBUF_COUNT, default 4), which returns NULL when the pool is exhausted. In default builds the __ASSERT_NO_MSG in net_buf_reset is a no-op, so net_buf_simple_reset writes through the NULL pointer (buf->len = 0; buf->data = buf->__buf), causing a fault/crash. The fragment data reaches this code from attacker-controlled bytes on the MCUmgr serial/UART/shell-console transports (smp_uart.c, smp_raw_uart.c, smp_shell.c), and a fresh buffer is allocated at the start of essentially every new packet. An attacker on the serial/console link can flood the transport to drive the 4-entry buffer pool to exhaustion and induce the NULL dereference, crashing the device (denial of service). The defect was introduced after the original MCUmgr rework and shipped in Zephyr v4.4.0. The fix moves the NULL check ahead of net_buf_reset.

Published

Date2026-06-29

Updated

Date2026-06-29

RISK INFORMATION (Score: 6.2)

cvss3

Base Score: 6.2

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score

3.6

Exploitability

2.5

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…