Description
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.

This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
Published: 2026-04-30
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MeWare Software Development Inc. PDKS has an improper rate limiting weakness (CWE‑799) that permits an attacker to flood the system with requests. This can exhaust resources, degrade performance, or render the service unavailable. The likely attack vector is remote, though the description does not explicitly state it, so the inference is based on the nature of a flooding vulnerability.

Affected Systems

Products affected are MeWare Software Development Inc. PDKS for all releases from V16.20200313 up to, but not including, VMYR_3.5.2025117.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity. EPSS is not available, so the probability of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The lack of a publicly disclosed fix suggests that exploitation via remote flooding remains a realistic threat, especially in environments where the affected PDKS is exposed to untrusted networks.

Generated by OpenCVE AI on May 1, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to PDKS VMYR_3.5.2025117 or a later release that removes the rate‑limiting flaw.
  • If an upgrade is not immediately possible, enforce network‑level rate limiting or traffic shaping on the endpoints that communicate with PDKS to throttle excessive requests.
  • Continuously monitor system logs and metrics for abnormal traffic patterns and configure alerts to detect potential flooding attempts.

Generated by OpenCVE AI on May 1, 2026 at 05:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Meware Software Development
Meware Software Development pdks
Vendors & Products Meware Software Development
Meware Software Development pdks

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Description Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
Title Improper Rate Limiting in MeWare Software's PDKS
Weaknesses CWE-799
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Meware Software Development Pdks
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-04-30T13:13:34.890Z

Reserved: 2026-04-29T12:42:30.229Z

Link: CVE-2026-7402

cve-icon Vulnrichment

Updated: 2026-04-30T13:13:31.234Z

cve-icon NVD

Status : Deferred

Published: 2026-04-30T13:16:06.597

Modified: 2026-04-30T15:09:03.710

Link: CVE-2026-7402

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:21:21Z

Weaknesses