CVE-2026-8806
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
The CVE-2026-8806 vulnerability in the FX5-ENET/IP Ethernet module of Mitsubishi Electric's MELSEC iQ-F series allows a remote attacker to cause a denial-of-service (DoS) condition by continuously sending a large number of communication packets in a short period, leading to product processing overload.
Risk Assessment
This vulnerability can result in the disruption of the device's communication function, potentially affecting the operational continuity of industrial systems within the organization.
Recommendation
It is recommended to monitor network traffic and implement mechanisms to limit the number of packets sent to the Ethernet port to minimize the risk of DoS attacks.
Original NVD description (English source)
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

