Description
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Published: 2026-02-05
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Patch
AI Analysis

Impact

In builds of Open62541 that include PubSub and JSON support, a specially crafted JSON message triggers the decoder to write beyond a heap‑allocated array before any authentication check, resulting in a process crash and memory corruption.

Affected Systems

The Open62541 library from o6 Automation GmbH is affected. Versions released prior to the stable 1.5.0 release are susceptible when PubSub and JSON features are enabled. The precise affected revision range is not published, but all builds before 1.5.0 with the mentioned modules are presumed vulnerable.

Risk and Exploitability

The CVSS score of 6.8 marks the issue as moderate, while the EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote: an attacker can send a crafted JSON message over the network to a vulnerable Open62541 instance before authentication, which triggers the out‑of‑bounds write and causes a crash and memory corruption.

Generated by OpenCVE AI on April 18, 2026 at 13:40 UTC.

Remediation

Vendor Solution

o6 Automation GmbH recommends users upgrade to the stable release of v1.5.0.

OpenCVE Recommended Actions

  • Upgrade the Open62541 library to version 1.5.0 or newer, which removes the decoder bug.
  • Disable the PubSub or JSON modules if they are not required for your deployment to eliminate the attack surface.
  • Configure host‑based or network firewalls to restrict unsolicited JSON traffic to the Open62541 service.

Generated by OpenCVE AI on April 18, 2026 at 13:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Open62541
Open62541 open62541
Vendors & Products Open62541
Open62541 open62541

Thu, 05 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Description In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Title Out-of-bounds Write in o6 Automation GmbH Open62541
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Open62541 Open62541
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-02-05T20:23:12.378Z

Reserved: 2026-01-21T18:52:45.866Z

Link: CVE-2026-1301

cve-icon Vulnrichment

Updated: 2026-02-05T20:23:06.601Z

cve-icon NVD

Status : Deferred

Published: 2026-02-05T19:15:55.983

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1301

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:45:45Z

Weaknesses