
Description

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.

PUBLISHED Reserved 2026-05-06 | Published 2026-05-26 | Updated 2026-05-26 | Assigner CERTVDE




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-1284 Improper Validation of Specified Quantity in Input

Product status

Default status
unaffected

3.5.21.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.22.20
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.21.0.0
affected

References

www.certvde.com/en/advisories/VDE-2026-057/

cve.org (CVE-2026-8047)

nvd.nist.gov (CVE-2026-8047)
