Denial-of-Service Vulnerability in Moxa's Serial Device Servers
CVE-2026-10825

7.1HIGH

Key Information:

Vendor: Moxa
Status: Nport 6000-g2 Series
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-10825?

A vulnerability in Moxa's Serial Device Servers allows for denial-of-service attacks through improper validation of JSON-based requests in the WebSocket API. This enables a low-privileged authenticated attacker to submit specially crafted requests, potentially resulting in service disruptions and unexpected device reboots. Timely patching and monitoring are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

NPort 6000-G2 Series 1.0 <= 1.1.0

NPort 6000-G2 Series 1.2.0

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10825 Data

JSON