Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network vector for remote server-to-client trigger; AC:H for required server control or MITM; PR:L for rogue server operation; availability-only crash with no C or I impact.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability.
AnalysisAI
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to control or credibly impersonate an OPC UA server that a vulnerable open62541 client (version 1.5.5 or earlier) actively connects to - achieved either by operating a rogue server on the same network segment or by executing a man-in-the-middle attack against OPC UA session establishment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 1.3 is among the lowest possible, accurately reflecting a narrow, high-complexity denial-of-service condition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same network segment as an open62541-based client application deploys a rogue OPC UA server or performs a man-in-the-middle attack against an existing OPC UA endpoint. When the vulnerable client initiates a session and calls `responseReadNamespacesArray` during the handshake, the attacker's server returns a crafted or malformed `Server_NamespaceArray` payload that triggers a null pointer dereference, crashing the client process. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the open62541 project closed issue #8104 without addressing it through an official security process, citing improper reporting channel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade
Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to cra
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) du
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43659
GHSA-cfxc-8gpx-qrvw