Skip to main content

Eclipse Threadx Netx Duo

1 CVEs product

Monthly

CVE-2026-11576 HIGH This Week

Denial of service in Eclipse ThreadX NetX Duo HTTP server arises from a flawed remediation of CVE-2025-0728, where the refactored shared cleanup label invokes fx_file_close() on an uninitialized file handle whenever an error occurs before file open. Remote attackers can reach the vulnerable PUT path over the network without authentication, triggering undefined behavior, double-close conditions, or memory corruption that can crash the embedded HTTP service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Eclipse Threadx Netx Duo
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Eclipse ThreadX NetX Duo HTTP server arises from a flawed remediation of CVE-2025-0728, where the refactored shared cleanup label invokes fx_file_close() on an uninitialized file handle whenever an error occurs before file open. Remote attackers can reach the vulnerable PUT path over the network without authentication, triggering undefined behavior, double-close conditions, or memory corruption that can crash the embedded HTTP service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Eclipse Threadx Netx Duo
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy