What is CVE-2026-35901?

CVE-2026-35901 is a medium-severity vulnerability in Mercurycom Mipc252w, classified under Uncontrolled Resource Consumption. CVSS score: 4.4/10. Published 2026-04-27.

How severe is CVE-2026-35901?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Resource exhaustion in Mercurycom Mipc252w

CVE-2026-35901

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP s…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mercurycom Mipc252w
Mercurycom Mipc252w_firmware — versions 1.0.5
N/a — versions n/a

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

cve@mitre.org (Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2026-35901?: CVE-2026-35901 is a medium-severity vulnerability in Mercurycom Mipc252w, classified under Uncontrolled Resource Consumption. CVSS score: 4.4/10. Published 2026-04-27.
How severe is CVE-2026-35901?: Medium severity. CVSS v3 base score is 4.4 out of 10.