CVE-2026-33592: CWE-770 Allocation of resources without limits or throttling in open62541 project / o6 Automation GmbH open62541
CVE-2026-33592 is a high-severity vulnerability in the open62541 project that allows an unauthenticated remote attacker to exhaust server memory via the FindServers Discovery Service. The vulnerability arises because the serverUris field in FindServersRequest is not validated for length or array size, enabling an attacker to send an arbitrarily large string in chunks without completing the transmission. This causes the server to buffer all chunks in RAM indefinitely until the SecureChannel times out. The attack occurs before session establishment and bypasses encryption configurations. Affected versions include 1.4.0 through 1.4.16 and 1.5.0 through 1.5.4, as well as the master branch.
AI Analysis
Technical Summary
The open62541 project is affected by a resource exhaustion vulnerability (CWE-770) due to improper validation of the serverUris field in the FindServers Discovery Service request. An unauthenticated attacker can send a very large string (up to approximately 3.9 GB) in multiple chunks without completing the final chunk. The server buffers these chunks in memory indefinitely until the SecureChannel times out, leading to potential denial of service via memory exhaustion. This vulnerability affects versions from 1.4.0 through 1.4.16, 1.5.0 through 1.5.4, and the master branch. The attack is pre-session and bypasses encryption, requiring no privileges or user interaction. No official patch or remediation level has been published as of the data provided.
Potential Impact
The vulnerability allows an unauthenticated remote attacker to cause a denial of service by exhausting server memory resources. This can disrupt the availability of the open62541 server by causing it to consume excessive RAM, potentially leading to crashes or degraded performance. There is no impact on confidentiality or integrity reported. The attack bypasses encryption and session establishment, making it easier to exploit remotely.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing network-level protections such as rate limiting or filtering to restrict access to the FindServers Discovery Service. Monitor for unusual traffic patterns that may indicate exploitation attempts. Avoid exposing the service to untrusted networks where possible.
CVSS v3.1
Score: 7.5 (High)
Affected software
pkg:github/open62541/open62541
Technical Details
- Data Version: 5.2
- Assigner Short Name: ENISA
- Date Reserved: 2026-03-23T12:53:47.475Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a46150227e9c79719683b17
Added to database: 07/02/2026, 07:36:34 UTC
Last enriched: 07/02/2026, 07:51:19 UTC
Last updated: 07/02/2026, 08:41:15 UTC