UBUNTU-CVE-2026-15690

Source
https://ubuntu.com/security/CVE-2026-15690
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15690.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-15690
Upstream
Published
2026-07-14T12:16:00Z
Modified
2026-07-15T19:46:14.394339830Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/uaclientconnect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability.

References

Affected packages

Ubuntu:26.04:LTS / open62541

Package

Name
open62541
Purl
pkg:deb/ubuntu/open62541?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.4.11.1-1
1.4.11.1-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.4.11.1-1build1",
            "binary_name": "libopen62541-1.4"
        },
        {
            "binary_version": "1.4.11.1-1build1",
            "binary_name": "libopen62541-1.4-tools"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15690.json"