Description
A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure.
Published: 2026-05-10
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is located in the vlib_worker_loop function of the libvlib.so library used by Dotouch XproUPF’s UPF Process component. A maliciously crafted input can trigger the loop into an inconsistent state, causing the entire process to halt and resulting in a denial of service. The weakness corresponds to CWE-404 "Removal of Unnecessary Functionality," indicating supervisory calls are improperly handled.

Affected Systems

Dotouch XproUPF version 2.0.0-release-088aa7c4, specifically the UPF Process module located at /usr/xpro/upf/tools/libs/libvlib.so. No other vendors or product versions are listed as affected in the CNA data.

Risk and Exploitability

The CVSS score of 5.1 classifies the flaw as moderate severity. EPSS is not available, so the current exploitation probability is unknown. The flaw is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild. The exact attack vector is not fully detailed, but manipulation of the UPF Process input implies that a local or privileged attacker could trigger the denial of service. Until a vendor patch is released, the risk remains that an attacker could disrupt service availability.

Generated by OpenCVE AI on May 10, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify if a vendor‑issued security patch or newer release of Dotouch XproUPF is available and apply it promptly.
  • If no patch is available, restrict access to the UPF Process component to trusted hosts and consider placing it behind a firewall or network segmentation to limit the potential attacker scope.
  • Monitor the UPF Process logs for abnormal termination events and schedule regular restarts to mitigate any potential service interruption until a patch is applied.

Generated by OpenCVE AI on May 10, 2026 at 07:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 06:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure.
Title Dotouch XproUPF UPF Process libvlib.so vlib_worker_loop denial of service
Weaknesses CWE-404
References
Metrics cvssV2_0

{'score': 2.7, 'vector': 'AV:A/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T05:15:07.989Z

Reserved: 2026-05-09T09:29:33.995Z

Link: CVE-2026-8232

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T06:16:08.827

Modified: 2026-05-10T06:16:08.827

Link: CVE-2026-8232

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T07:30:05Z

Weaknesses