Unbounded Memory Allocation Vulnerability in Eclipse Wakaama
CVE-2026-58465

8.7HIGH

Key Information:

Status
Vendor
CVE Published:
2 July 2026

What is CVE-2026-58465?

Eclipse Wakaama prior to snapshot/2026-05-26 is susceptible to an unbounded memory allocation vulnerability in its CoAP Block1 handler. This flaw can be exploited by unauthenticated remote attackers, allowing them to send a series of Block1 PUT requests with increasing block numbers targeting the registration endpoint over UDP. Due to a lack of maximum size enforcement for the reallocating buffer, this may lead to continuous memory allocation, ultimately causing the server to experience denial of service through memory exhaustion.

Affected Version(s)

wakaama 0

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck
.