Error Handling Vulnerability in NetX Duo HTTP Server by Eclipse
CVE-2026-11576

7.5HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Threadx - Netx Duo
Vendor: CVE Published:; 19 June 2026

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2026-11576?

The vulnerability arises from a flaw in the error handling mechanism of the HTTP server's PUT process in the NetX Duo framework. A shared cleanup label has been introduced for managing resources, but it inadvertently invokes the file close operation without checking if the file handle was successfully initialized. This situation can lead to undefined behavior, including potential memory corruption and double-close scenarios, thus compromising the integrity of the system.

Affected Version(s)

Eclipse ThreadX - NetX Duo 6.4.2 <= 6.5.0.202601

References

https://gitlab.eclipse.org/security/cve-assignment/-/work...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

@decsecre583

CVE-2026-11576 Data

JSON