🔐 CVE Alert: CVE-2026-11946

Severity: HIGH (7.5)

GetEndpoints Memory Exhaustion in open62541

CVSS Score: 7.5
EPSS Score: 0.0%
EPSS Percentile: 0th

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541 1.4.0 through 1.4.16, 1.5.0 through 1.5.4, and master.

CWE: CWE-770, CWE-789
Vendor: open62541 project / o6 automation gmbh
Product: open62541
Published: Jul 2, 2026
Last Updated: Jul 2, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

open62541 project / o6 Automation GmbH / open62541: 1.4.0 through 1.4.16; 1.5.0 through 1.5.4; master

References

https://github.com/open62541/open62541/pull/8142
https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae
https://github.com/open62541/open62541

Credits

Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)