CVE Catalog

CVE-2026-8806

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile - higher than 28% of all known CVEs

Summary

The CVE-2026-8806 vulnerability in the FX5-ENET/IP Ethernet module of Mitsubishi Electric's MELSEC iQ-F series allows a remote attacker to cause a denial-of-service (DoS) condition by continuously sending a large number of communication packets in a short period, leading to product processing overload.

Risk Assessment

This vulnerability can result in the disruption of the device's communication function, potentially affecting the operational continuity of industrial systems within the organization.

Recommendation

It is recommended to monitor network traffic and implement mechanisms to limit the number of packets sent to the Ethernet port to minimize the risk of DoS attacks.

Original NVD description (English source)

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS