CVE-2026-27689
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
2Tags
Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Analysis
Denial of service in a remote-enabled function module allows authenticated attackers to exhaust system resources by submitting requests with oversized loop parameters, rendering the affected system unavailable. The vulnerability requires valid user credentials and network access but no user interaction, making it exploitable by any authenticated user on the network. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running affected software and restrict network access to the vulnerable function module to trusted users/networks only. Within 7 days: Implement WAF rules or API gateway controls to detect and throttle requests with abnormally large loop parameters; enable detailed logging on affected modules. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today