{"id":81372,"date":"2026-07-02T10:42:24","date_gmt":"2026-07-02T07:12:24","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-33592-findservers-memory-exhaustion-in-open62541\/"},"modified":"2026-07-02T10:42:24","modified_gmt":"2026-07-02T07:12:24","slug":"cve-2026-33592-findservers-memory-exhaustion-in-open62541","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-33592-findservers-memory-exhaustion-in-open62541\/","title":{"rendered":"CVE-2026-33592 &#8211; FindServers Memory Exhaustion in open62541"},"content":{"rendered":"<p>CVE ID :CVE-2026-33592<\/p>\n<p>  Published : July 2, 2026, 7:12 a.m. | 34\u00a0minutes ago<\/p>\n<p>  Description :An unauthenticated remote attacker can exhaust<br \/>\nserver memory via the FindServers Discovery Service in open62541. The<br \/>\nserverUris field of FindServersRequest is not validated for length or array<br \/>\nsize. An attacker can declare an arbitrarily large string (up to ~3.9 GB)<br \/>\ndelivered across intermediate chunks without ever sending the final chunk. The<br \/>\nserver buffers all chunks in RAM indefinitely until the SecureChannel times<br \/>\nout. The attack is pre-session and bypasses all encryption configuration. The\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.<\/p>\n<p>  Severity: 7.5 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-33592 Published : July 2, 2026, 7:12 a.m. | 34\u00a0minutes ago Description :An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81372","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81372"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81372\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}