Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC iQ-F Series Ethernet Module
CVE-2026-8806

8.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Mitsubishi Electric Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip
Vendor
CVE Published:
19 June 2026

What is CVE-2026-8806?

A vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module that allows a remote attacker to exploit the system by flooding its Ethernet port with a high volume of communication packets. This overwhelming traffic can lead to a denial-of-service condition, resulting in the inability of the product to perform internal anomaly detection and subsequently halting communication functions. The implications of this vulnerability can disrupt operational integrity and hinder the performance of affected products.

Affected Version(s)

Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU97140216/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.