Improper Resource Shutdown in Mitsubishi Electric MELSEC iQ-F Series Ethernet Module
CVE-2026-1876

8.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip
Vendor
CVE Published:
3 March 2026

What is CVE-2026-1876?

The MELSEC iQ-F Series FX5-ENET/IP Ethernet Module from Mitsubishi Electric is susceptible to a vulnerability that allows a remote attacker to initiate a denial-of-service (DoS) condition. By sending a continuous stream of UDP packets to the affected module, the attacker can disrupt service, requiring a system reset for recovery. This poses significant risks in operational environments relying on this equipment for critical networking.

Affected Version(s)

MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU93286687/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-6...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.