Back to search
CVE-2026-1301
Published: Feb 5, 2026
Modified: Feb 5, 2026
PUBLISHED
Description
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
| Vendor | Product | Versions |
|---|---|---|
o6 Automation GmbH | Open62541 | affected 1.5-rc1 - < 1.5-rc2 |
Weaknesses (CWE)
References
https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-03
government-resource
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now