CVE-2026-23689
7.7 HIGH · Published 2026-02-10 · Modified 2026-02-10 · Received
Quick Summary
An authenticated user can crash the system by repeatedly calling a specific function with a very large number. This causes the system to get stuck in a long loop, using up all its resources and making it unavailable.
Who is affected
Any system with this vulnerability is affected. An attacker with a normal user account can cause a complete denial of service, making the system unusable for everyone.
Recommended fix
Apply the vendor's security patch immediately. If a patch is not available, restrict network access to the vulnerable function module as a temporary workaround.
Technical Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
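The defensive pattern for this weakness class (CWE-606), shown as an added example that is not the vendor's code or patch: cap the loop-control parameter before it reaches the loop, and limit how often one user may call the function. The handler, parameter name, and all limits are hypothetical, since the advisory does not name the function module or any bound.

```python
import time
from collections import defaultdict, deque

# All names and limits below are hypothetical; the advisory does not give the
# function module's name, its parameter, or any vendor-defined bound.
MAX_ITERATIONS = 10_000      # assumed business ceiling for the loop-control parameter
MAX_CALLS_PER_WINDOW = 5     # assumed per-user call budget
WINDOW_SECONDS = 60.0

_calls = defaultdict(deque)  # user -> timestamps of recent accepted calls


class Rejected(Exception):
    """Raised before any loop work is done."""


def check_rate(user, now=None):
    """Sliding-window limit, because the described abuse relies on repeated calls."""
    now = time.monotonic() if now is None else now
    recent = _calls[user]
    while recent and now - recent[0] >= WINDOW_SECONDS:
        recent.popleft()
    if len(recent) >= MAX_CALLS_PER_WINDOW:
        raise Rejected("call budget exceeded for " + user)
    recent.append(now)


def parse_iterations(raw):
    """Validate the loop bound before it can control a loop."""
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise Rejected("iterations must be an integer")
    try:
        n = int(raw)
    except ValueError:
        raise Rejected("iterations must be an integer") from None
    if not 0 <= n <= MAX_ITERATIONS:
        raise Rejected(f"iterations outside 0..{MAX_ITERATIONS}")
    return n


def handle_call(user, raw_iterations, now=None):
    """Hypothetical remote-callable handler with both checks in front of the loop."""
    n = parse_iterations(raw_iterations)   # cheap validation first
    check_rate(user, now)
    total = 0
    for i in range(n):                     # now bounded by MAX_ITERATIONS
        total += i                         # stand-in for the per-iteration work
    return total
```

Rejections are worth logging per user, since a run of out-of-range values from one account is a usable detection signal for this abuse pattern.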
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE: CWE-606