Resource exhaustion in Open62541 Project / O6 Automation Gmbh

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-11946?
CVE-2026-11946 is a high-severity vulnerability in Open62541 Project / O6 Automation Gmbh, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-07-02.
How severe is CVE-2026-11946?
High severity. CVSS v3 base score is 7.5 out of 10.