CVE-2026-10825
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
Risk Assessment
This vulnerability can lead to service outages, affecting the availability of systems within the organization. Low-privileged attackers may exploit this flaw to disrupt device operations.
Recommendation
It is recommended to implement additional validation and handling of JSON requests in the WebSocket API to minimize the risk of attacks. Monitoring logs for suspicious activities is also advised.
Original NVD description (English source)
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

