MEDIUM
o6 Automation GmbH
CVE published 2026-02-05
CVE-2026-1301
CISA’s CSAF advisory for Open62541 says that, in builds with PubSub and JSON enabled, a crafted JSON message can make the decoder write beyond a heap-allocated array before authentication. The result is a reliable process crash and memory corruption risk. CISA assigns CVSS v3.1 5.7 (MEDIUM) and recommends upgrading to stable release v1.5.0.