Remote Memory Exhaustion Vulnerability in open62541 by open62541
CVE-2026-11946

7.5HIGH

What is CVE-2026-11946?

A significant vulnerability in open62541 allows an unauthenticated remote attacker to exploit the GetEndpoints Discovery Service by sending oversized 'endpointUrl' strings. The service does not properly validate the length of this input, enabling attackers to exhaust server memory. By transmitting data in large chunks, up to approximately 4.09 GB, the attacker can keep the server's memory filled indefinitely, since the server buffers the incoming data until a SecureChannel timeout occurs. This pre-session attack effectively bypasses any encryption measures in place.

Affected Version(s)

open62541 1.4.0 <= 1.4.16

open62541 1.5.0 <= 1.5.4

open62541 master

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)
.