Description
An unauthenticated remote attacker can exhaust
server memory via the GetEndpoints Discovery Service in open62541. The
endpointUrl field of GetEndpointsRequest is not validated for length. An
attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32
length field) delivered across intermediate chunks without ever sending the
final chunk. The server buffers all chunks in RAM indefinitely until the
SecureChannel times out. The attack is
pre-session and bypasses all encryption configurations.



The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
Published: 2026-07-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Open62541
Open62541 open62541
Vendors & Products Open62541
Open62541 open62541

Fri, 03 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

threat_severity

Important


Thu, 02 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
Title GetEndpoints Memory Exhaustion in open62541
Weaknesses CWE-770
CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Open62541 Open62541
cve-icon MITRE

Status: PUBLISHED

Assigner: ENISA

Published:

Updated: 2026-07-02T12:15:49.245Z

Reserved: 2026-06-10T21:38:14.592Z

Link: CVE-2026-11946

cve-icon Vulnrichment

Updated: 2026-07-02T12:15:44.059Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-02T10:54:17Z

Links: CVE-2026-11946 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T12:45:03Z

Weaknesses