Resource exhaustion in Open62541 Project / O6 Automation Gmbh
CVE-2026-11946
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string…
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Open62541 Project / O6 Automation Gmbh — versions 1.4.0, 1.5.0, master
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-11946?
- CVE-2026-11946 is a high-severity vulnerability in Open62541 Project / O6 Automation Gmbh, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-07-02.
- How severe is CVE-2026-11946?
- High severity. CVSS v3 base score is 7.5 out of 10.