PatchSiren cyber security CVE debrief
CVE-2026-10825 Moxa CVE debrief
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
- Vendor: Moxa
- Product: NPort 6000-G2 Series
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Operators of Moxa NPort 6000-G2 Series devices should be concerned about this vulnerability, as should users of any WebSocket API implementation that does not properly validate and handle JSON-based requests.
Technical summary
The vulnerability has a CVSS score of 7.1 and is considered HIGH severity. It can be exploited by a low-privileged authenticated attacker sending a specially crafted request.
Defensive priority
HIGH
Recommended defensive actions
- Implement proper validation and handling of JSON-based requests in the WebSocket API.
- Restrict access to the WebSocket API to only trusted users and networks.
- Monitor WebSocket API traffic for suspicious activity.
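
As an added illustration of the first action (not Moxa's code, and not part of the advisory), the sketch below shows strict type validation of a JSON request before it reaches a handler, which is the class of check CWE-1287 covers. The schema, field names, method names and size cap are hypothetical.

```python
import json

MAX_BYTES = 4096  # assumed cap on a single request frame

# Hypothetical request schema: field -> (exact type, bounds check)
SCHEMA = {
    "id":     (int, lambda v: 0 <= v <= 2**31 - 1),
    "method": (str, lambda v: v in {"get_status", "set_port"}),  # made-up names
    "params": (dict, lambda v: len(v) <= 16),
}

class RejectedRequest(ValueError):
    """Raised for any frame that must not reach the request handler."""

def _no_duplicate_keys(pairs):
    # Parsers disagree on which duplicate wins, so refuse them outright.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise RejectedRequest("duplicate key")
    return dict(pairs)

def _reject_constant(name):
    # NaN / Infinity are not valid JSON but Python accepts them by default.
    raise RejectedRequest(f"non-standard constant {name}")

def validate_request(frame: bytes) -> dict:
    """Return the parsed request, or raise RejectedRequest."""
    if len(frame) > MAX_BYTES:
        raise RejectedRequest("frame too large")
    try:
        msg = json.loads(frame.decode("utf-8"),
                         object_pairs_hook=_no_duplicate_keys,
                         parse_constant=_reject_constant)
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise RejectedRequest(f"malformed JSON: {exc}") from exc
    if not isinstance(msg, dict):
        raise RejectedRequest("top level must be an object")
    if set(msg) != set(SCHEMA):
        raise RejectedRequest("missing or unknown field")
    for field, (typ, in_bounds) in SCHEMA.items():
        value = msg[field]
        # type() rather than isinstance(): bool is a subclass of int in
        # Python, so isinstance(True, int) would accept a boolean "id".
        if type(value) is not typ or not in_bounds(value):
            raise RejectedRequest(f"bad type or value for {field!r}")
    return msg
```

Every rejection path raises the same exception type, so the caller can close the connection or return an error without the handler ever seeing the malformed input.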
Evidence notes
The CVE record was published on 2026-06-16T10:16:26.670Z and has not been modified since then. The vulnerability is associated with CWE-1287.
Official resources
- CVE-2026-10825 CVE record (CVE.org)
- CVE-2026-10825 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-10825 was published on 2026-06-16T10:16:26.670Z.