CVE-2026-10825

Summary

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

Affected Software

VendorProductVersion RangeStatus
MoxaNPort 6000-G2 Series1.0 <= 1.1.0affected
MoxaNPort 6000-G2 Series1.2.0unaffected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References