Skip to main content

open62541 CVE-2026-15690

| EUVDEUVD-2026-43659 LOW
NULL Pointer Dereference (CWE-476)
2026-07-14 VulDB GHSA-cfxc-8gpx-qrvw
1.3
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.1 LOW

Network vector for remote server-to-client trigger; AC:H for required server control or MITM; PR:L for rogue server operation; availability-only crash with no C or I impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 14, 2026 - 12:31 vuln.today
CVSS changed
Jul 14, 2026 - 12:22 NVD
2.3 (LOW) 1.3 (LOW)
CVE Published
Jul 14, 2026 - 11:45 cve.org
LOW 1.3

DescriptionCVE.org

A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability.

AnalysisAI

Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain network access to OPC UA segment
Delivery
Deploy rogue OPC UA server or MITM session
Exploit
Client initiates connection handshake
Execution
Serve malformed Server_NamespaceArray response
Persist
Trigger null pointer dereference in responseReadNamespacesArray
Impact
Crash open62541 client process

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to control or credibly impersonate an OPC UA server that a vulnerable open62541 client (version 1.5.5 or earlier) actively connects to - achieved either by operating a rogue server on the same network segment or by executing a man-in-the-middle attack against OPC UA session establishment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 1.3 is among the lowest possible, accurately reflecting a narrow, high-complexity denial-of-service condition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same network segment as an open62541-based client application deploys a rogue OPC UA server or performs a man-in-the-middle attack against an existing OPC UA endpoint. When the vulnerable client initiates a session and calls `responseReadNamespacesArray` during the handshake, the attacker's server returns a crafted or malformed `Server_NamespaceArray` payload that triggers a null pointer dereference, crashing the client process. …
Remediation No vendor-released patch has been identified at time of analysis - the open62541 project closed issue #8104 without addressing it through an official security process, citing improper reporting channel. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15690 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy