Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8806

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-19 Jun, 2026 | 02:31
Updated At-22 Jun, 2026 | 14:46
Rejected At-
Credits

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:19 Jun, 2026 | 02:31
Updated At:22 Jun, 2026 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)
Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

Affected Products
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
Default Status
unaffected
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-440CWE-440 Expected Behavior Violation
Type: CWE
CWE ID: CWE-440
Description: CWE-440 Expected Behavior Violation
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial-of-service (DoS)
CAPEC ID: N/A
Description: Denial-of-service (DoS)
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf
vendor-advisory
https://jvn.jp/vu/JVNVU97140216/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06
government-resource
Hyperlink: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf
Resource:
vendor-advisory
Hyperlink: https://jvn.jp/vu/JVNVU97140216/
Resource:
government-resource
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:19 Jun, 2026 | 03:16
Updated At:22 Jun, 2026 | 19:49

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
N/A
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-440SecondaryMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE ID: CWE-440
Type: Secondary
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU97140216/Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
N/A
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
N/A
Hyperlink: https://jvn.jp/vu/JVNVU97140216/
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource: N/A
Hyperlink: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found

CVE-2026-8805
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.88%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 02:26
Updated-22 Jun, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-1874
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.89%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:46
Updated-04 May, 2026 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-eipmelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIPMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-1875
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.29%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:54
Updated-30 Apr, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-eipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-1876
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.29%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 07:03
Updated-30 Apr, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
Details not found