Resource exhaustion in Open62541 Project / O6 Automation Gmbh

CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily l…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-33592?
CVE-2026-33592 is a high-severity vulnerability in Open62541 Project / O6 Automation Gmbh, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-07-02.
How severe is CVE-2026-33592?
High severity. CVSS v3 base score is 7.5 out of 10.