ZDI 2026-03-16

ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

CVE-2026-4149

Machine-generated analysis · WAYSCloud LLM

The vulnerability allows unauthenticated remote code execution with a CVSS score of 10.0. The Sonos Era 300 appears to expose an SMB service network-facing.

Context

The Sonos Era 300 smart speaker is affected by an out-of-bounds access vulnerability in its SMB response handling. The advisory states this allows unauthenticated remote attackers to execute arbitrary code. The vulnerability is assigned CVE-2026-4149 and a CVSS base score of 10.0.

Operator considerations

Check: Inventory Sonos Era 300 devices on your network.
Isolate: Consider isolating Sonos Era 300 devices from untrusted networks until patched.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2026-4149.

Read the full advisory on ZDI →