{“lastseen”:””,”description”:”The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.”,”published”:”2026-05-26T06:49:54.813Z”,”modified”:”2026-05-26T06:49:54.813Z”,”type”:”cve”,”title”:”Out-of-bounds Write in CODESYS Control”,”source”:”CERTVDE”,”references”:”https:\/\/www.certvde.com\/en\/advisories\/VDE-2026-057\/”,”id”:”CVE-2026-8047″,”bulletinFamily”:””,”cwe”:[“CWE-1284″],”cvelist”:null,”sourceData”:”CODESYS CODESYS Control RTE (SL) 3.5.21.0\\nCODESYS CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.0\\nCODESYS CODESYS Control Win (SL) 3.5.21.0\\nCODESYS CODESYS HMI (SL) 3.5.21.0\\nCODESYS CODESYS Runtime Toolkit 3.5.21.0\\nCODESYS CODESYS Control for BeagleBone SL 4.15.0.0\\nCODESYS CODESYS Control for emPC-A\/iMX6 SL 4.15.0.0\\nCODESYS CODESYS Control for IOT2000 SL 4.15.0.0\\nCODESYS CODESYS Control for Linux ARM SL 4.15.0.0\\nCODESYS CODESYS Control for Linux SL 4.15.0.0\\nCODESYS CODESYS Control for PFC100 SL 4.15.0.0\\nCODESYS CODESYS Control for PFC200 SL 4.15.0.0\\nCODESYS CODESYS Control for PLCnext SL 4.15.0.0\\nCODESYS CODESYS Control for Raspberry Pi SL 4.15.0.0\\nCODESYS CODESYS Control for WAGO Touch Panels 600 SL 0.0.0\\nCODESYS CODESYS Virtual Control SL 4.15.0.0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:N\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”CODESYS Control RTE (SL)”,”version”:”3.5.21.0″,”vendor”:”CODESYS”,”ai_description”:”Out-of-bounds write vulnerability in CODESYS Control products, allowing remote attackers to cause a denial of service via system crash”,”ai_severity”:”High”,”ai_vendor”:”3S-Smart Software Solutions GmbH”,”ai_product”:”CODESYS Control”,”ai_version”:”3.5.21.0, 4.15.0.0″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-56891","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n