CVE-2026-35225
CVE-2026-35225 is a high-severity vulnerability with a CVSS 4.0 base score of 8.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.
Key facts
- Severity: High (CVSS 4.0 base score 8.7)
- EPSS exploit prediction: 0% (34th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-25222
- Weakness: CWE-754
- Published:
- Last modified:
Description
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
Frequently asked questions
- What is CVE-2026-35225?
- An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
- How severe is CVE-2026-35225?
- CVE-2026-35225 has a CVSS 4.0 base score of 8.7, rated high severity.
- Is CVE-2026-35225 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (34th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-35225?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-35225 have an EU (EUVD) identifier?
- Yes. CVE-2026-35225 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-25222.
- When was CVE-2026-35225 published?
- CVE-2026-35225 was published on 2026-04-23 and last updated on 2026-06-17.
References
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json
- https://www.certvde.com/en/advisories/VDE-2026-040/
Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities
- CVE-2026-24054 — Critical (CVSS 10.0): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs)…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2026-8091 — Critical (CVSS 9.8): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150,…
- CVE-2024-52316 — Critical (CVSS 9.8): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta…
- CVE-2024-7826 — Critical (CVSS 9.8): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows,…
- CVE-2023-37303 — Critical (CVSS 9.8): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to…
Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →