LeakyCreds

CVE-2026-4149 - Vulnerability Analysis

Severity: Critical | CVSS: 10.0

Last Updated: April 13, 2026

Sonos Era 300 - Remote Code Execution

Published: April 11, 2026 | Updated: April 13, 2026 | Remotely Exploitable

Overview

Sonos Era 300 contains a remote code execution vulnerability caused by improper validation of the DataOffset field in SMB responses. A remote attacker can use it to execute arbitrary code in kernel context without authentication.

Severity & Score

Severity: Critical
CVSS Score: 10.0
EPSS Score: 127.2% (probability of exploitation in the next 30 days)

Impact

Remote attackers can execute arbitrary code in kernel context, potentially leading to full system compromise.

Mitigation

Update the Sonos Era 300 to the latest available firmware version.

Social Media Activity (2 posts)

OffSequence (@offseq), Apr 11, 2026

⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet — restrict SMB access! https://radar.offseq.com/threat/cve-2026-4149-cwe-119-improper-restriction-of-oper-dcf90312 #OffSeq #Sonos #Infosec #RCE

TheHackerWire (@thehackerwire), Apr 11, 2026

🔴 CVE-2026-4149 - Critical (10) Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vu... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4149/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-4149
Severity: Critical
CVSS Score: 10.0
Type: out_of_bounds_rw
Status: unconfirmed
EPSS: 127.2%
Social Posts: 2

CWE

  • CWE-119

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

127.2% (probability of exploitation in the next 30 days)