o6 Automation GmbH Open62541 PubSub and JSON Enabled Out-of-Bounds Write Vulnerability

Vulnerability

A vulnerability exists in o6 Automation GmbH Open62541 versions 1.5-rc1 prior to 1.5-rc2, when PubSub and JSON are enabled. A crafted JSON message can lead to an out-of-bounds write, causing the decoder to overwrite memory beyond a heap-allocated array. This issue occurs before authentication, consistently crashing the process and corrupting memory.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition and memory corruption.

Added: Feb 5, 2026, 7:23 PM

Updated: Feb 5, 2026, 8:50 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

o6 Automation GmbH Open62541 PubSub and JSON Enabled Out-of-Bounds Write Vulnerability

Vulnerability

Impact

Affected Products

o6 Automation GmbH Open62541

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating