CVE Catalog

CVE-2026-10825

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

Risk Assessment

This vulnerability can lead to service outages, affecting the availability of systems within the organization. Low-privileged attackers may exploit this flaw to disrupt device operations.

Recommendation

It is recommended to implement additional validation and handling of JSON requests in the WebSocket API to minimize the risk of attacks. Monitoring logs for suspicious activities is also advised.

Original NVD description (English source)

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS