ZDI-26-192
CRITICAL 10.0
Published: Mar 16, 2026
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
Sonos
The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149, CVSS score 10.0) that allows unauthenticated attackers to execute arbitrary code on affected devices. The flaw carries the maximum severity rating because exploitation requires no user interaction or authentication, potentially giving attackers complete control over the device. Security teams should immediately prioritize patching all Sonos Era 300 systems and consider isolating affected devices from networks until updates are available.