CVE-2026-10831

Summary

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.

Affected Software

VendorProductVersion RangeStatus
MoxaNPort 6000 Series1.0 <= 2.3affected
MoxaCN2600 Series1.0 <= 4.6affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References