QSearchQSearch

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-1287

Description

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-9753 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to re... (8.1 HIGH)
  • CVE-2026-9742 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" ... (7.5 HIGH)
  • CVE-2026-11460 A flaw has been found in Boost Serialization up to 1.91 (7.3 HIGH)
  • CVE-2024-6858 In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL c... (6.5 MEDIUM)
  • CVE-2026-49941 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses (7.5 HIGH)