Resource exhaustion in Open62541 Project / O6 Automation Gmbh
CVE-2026-33592
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily l…
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Open62541 Project / O6 Automation Gmbh — versions 1.4.0, 1.5.0, master
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-33592?
- CVE-2026-33592 is a high-severity vulnerability in Open62541 Project / O6 Automation Gmbh, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-07-02.
- How severe is CVE-2026-33592?
- High severity. CVSS v3 base score is 7.5 out of 10.