An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
History

Mon, 06 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Open62541 Project / O6 Automation Gmbh
Open62541 Project / O6 Automation Gmbh open62541
Vendors & Products Open62541 Project / O6 Automation Gmbh
Open62541 Project / O6 Automation Gmbh open62541

Thu, 02 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
Title FindServers Memory Exhaustion in open62541
Weaknesses CWE-770
CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ENISA

Published: 2026-07-02T07:12:24.250Z

Updated: 2026-07-02T12:30:18.800Z

Reserved: 2026-03-23T12:53:47.475Z

Link: CVE-2026-33592

cve-icon Vulnrichment

Updated: 2026-07-02T12:29:42.817Z

cve-icon NVD

No data.

cve-icon Redhat

No data.