CVE-2026-35227
Published: 12 May 2026
Summary
CVE-2026-35227 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 27.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29390
Vulnerability details
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability description directly describes remote exploitation of a race condition leading to TCP connection exhaustion and denial of service to legitimate clients, mapping to application/system exploitation for endpoint DoS.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.