CVE Catalog

CVE-2026-42127

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

35th percentile — higher than 35% of all known CVEs

Summary

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion.

Risk Assessment

The organization is at risk of a DoS attack that can crash the dashboard system, blocking access to data and disrupting services. No authentication is required, increasing the exposure.

Recommendation

Immediately implement request body size limits for the public dashboard endpoint and consider adding rate-limiting and memory monitoring mechanisms.

Original NVD description (English source)

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS