What is CVE-2026-11576?

CVE-2026-11576 is a high-severity vulnerability in Eclipse Foundation Threadx - Netx Duo, classified under Double Free. CVSS score: 7.5/10. Published 2026-06-19.

How severe is CVE-2026-11576?

High severity. CVSS v3 base score is 7.5 out of 10.

Double Free in Eclipse Foundation Threadx - Netx Duo

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file wa…

Vulnerability class: Double Free

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Eclipse Foundation Threadx - Netx Duo — versions 6.4.2

Weakness classification (CWE)

CWE-415 — Double Free
CWE-459 — Incomplete Cleanup
CWE-908 — Use of Uninitialized Resource

References

emo@eclipse.org

Frequently asked questions

What is CVE-2026-11576?: CVE-2026-11576 is a high-severity vulnerability in Eclipse Foundation Threadx - Netx Duo, classified under Double Free. CVSS score: 7.5/10. Published 2026-06-19.
How severe is CVE-2026-11576?: High severity. CVSS v3 base score is 7.5 out of 10.