Skip to main content

Open62541

4 CVEs product

Monthly

CVE-2026-15690 LOW POC Monitor

Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Open62541
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.4%
CVE-2026-11946 HIGH PATCH This Week

Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Open62541 Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-33592 HIGH PATCH This Week

Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.

Denial Of Service Open62541
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25761 HIGH PATCH This Week

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Open62541 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 1.3
LOW POC Monitor

Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Open62541
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Open62541 Red Hat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.

Denial Of Service Open62541
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Open62541 Fedora
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy