CVE-2026-11576
CVE-2026-11576 is a high-severity vulnerability in Eclipse Threadx Netx Duo with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-459.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- EPSS exploit prediction: 0% (18th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-37999
- Weakness: CWE-459
- Affected product: Eclipse Threadx Netx Duo
- Published:
- Last modified:
Description
The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption.
Frequently asked questions
- What is CVE-2026-11576?
- The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption.
- How severe is CVE-2026-11576?
- CVE-2026-11576 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2026-11576 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (18th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-11576?
- CVE-2026-11576 affects Eclipse Threadx Netx Duo. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-11576?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-11576 have an EU (EUVD) identifier?
- Yes. CVE-2026-11576 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-37999.
- When was CVE-2026-11576 published?
- CVE-2026-11576 was published on 2026-06-19 and last updated on 2026-07-02.
References
Affected products (1)
- cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*:*
More vulnerabilities in Eclipse Threadx Netx Duo
- CVE-2025-55086 — Critical (CVSS 9.8): In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there…
- CVE-2025-55081 — Critical (CVSS 9.1): In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function…
- CVE-2025-55102 — High (CVSS 7.5): A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A…
- CVE-2025-55085 — High (CVSS 7.5): In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the…
- CVE-2025-55094 — High (CVSS 7.5): In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of…
- CVE-2025-55087 — High (CVSS 7.5): In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an…
All CVEs affecting Eclipse Threadx Netx Duo →
Other CWE-459 vulnerabilities
- CVE-2023-36468 — Critical (CVSS 9.9): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki…
- CVE-2022-45347 — Critical (CVSS 9.8): Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session…
- CVE-2021-45330 — Critical (CVSS 9.8): An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies…
- CVE-2021-45706 — Critical (CVSS 9.8): An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
- CVE-2021-32928 — Critical (CVSS 9.8): The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License…
- CVE-2020-13451 — Critical (CVSS 9.8): An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to…