HIGH SeverityCVSS 4.08.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE-2026-35227

Last updated May 12, 2026 · Published May 12, 2026

Description

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.

Affected products

1 listed

CODESYS:CODESYS Modbus

Mappings

CWE

CWE-772

CAPEC

None listed.

Guides

Rate Limiting in Node.jsPatterns for APIs, login endpoints, and abuse control.

Training

API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.

CVE-2026-35227

Description

Affected products

Mappings

Related