CVE-2026-42127
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion.
Risk Assessment
The organization is at risk of a DoS attack that can crash the dashboard system, blocking access to data and disrupting services. No authentication is required, increasing the exposure.
Recommendation
Immediately implement request body size limits for the public dashboard endpoint and consider adding rate-limiting and memory monitoring mechanisms.
Original NVD description (English source)
The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability.

