Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-33592— FindServers Memory Exhaustion in open62541

CVSS 7.5 · High EPSS 0.39% · P31

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 3

VendorProductVersion RangeStatus
open62541 project / o6 Automation GmbHopen625411.4.0≤ 1.4.16affected
1.5.0≤ 1.5.4affected
masteraffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-33592

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
FindServers Memory Exhaustion in open62541
Source: NVD (National Vulnerability Database)
Vulnerability Description
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
open62541 project / o6 Automation GmbHopen62541 1.4.0 ~ 1.4.16 -

II. Public POCs for CVE-2026-33592

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-33592

登录查看更多情报信息。

Patches & Fixes for CVE-2026-33592 (2)

IV. Related Vulnerabilities

V. Comments for CVE-2026-33592

No comments yet


Leave a comment