{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "1.4.0"
              },
              {
                "fixed": "1.4.16"
              },
              {
                "introduced": "1.5.0"
              },
              {
                "fixed": "1.5.4"
              }
            ],
            "source": "DESCRIPTION"
          },
          "events": [
            {
              "introduced": "84347820c8550b5750f2cd581c14ab201611c579"
            },
            {
              "fixed": "f63e2a819aff6e468242dc2e54ccbd5b75d63654"
            },
            {
              "introduced": "b90fbfac5ef484089447bf5e3fe6ad7baaaebada"
            },
            {
              "fixed": "dfd44a234645ed29cc6d190048bc8ae80c5454cd"
            }
          ],
          "repo": "https://github.com/open62541/open62541",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {},
  "details": "An unauthenticated remote attacker can exhaust\nserver memory via the FindServers Discovery Service in open62541. The\nserverUris field of FindServersRequest is not validated for length or array\nsize. An attacker can declare an arbitrarily large string (up to ~3.9 GB)\ndelivered across intermediate chunks without ever sending the final chunk. The\nserver buffers all chunks in RAM indefinitely until the SecureChannel times\nout. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.",
  "id": "CVE-2026-33592",
  "modified": "2026-07-08T05:38:25.805899926Z",
  "published": "2026-07-02T08:16:39.230Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
    },
    {
      "type": "FIX",
      "url": "https://github.com/open62541/open62541/pull/8142"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open62541/open62541"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}