Memory Exhaustion Vulnerability in open62541 Server by open62541
CVE-2026-33592
7.5HIGH
Key Information:
- Status
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2026-33592?
A vulnerability exists in the FindServers Discovery Service of open62541, where an unauthenticated remote attacker could exploit inadequate validation of the serverUris field in FindServersRequest. This can lead to server memory exhaustion, as an attacker can submit an excessively large string—up to approximately 3.9 GB—through multiple chunks without sending a final chunk. Consequently, this causes server memory to be consumed indefinitely. Moreover, the attack occurs prior to any session establishment, thus circumventing any encryption settings that may be in place.
Affected Version(s)
open62541 1.4.0 <= 1.4.16
open62541 1.5.0 <= 1.5.4
open62541 master
