CVE-2026-51539
libmodbus · libmodbus
A Denial of Service vulnerability in libmodbus 3.1.12 on Windows arises from improper timeout management in the receive loop, allowing attackers to block communication.
Executive summary
A high-severity Denial of Service vulnerability in libmodbus 3.1.12 on Windows can allow remote attackers to disrupt industrial communication flows.
Vulnerability
This issue is a Denial of Service vulnerability located in the message receive logic, specifically within the _modbus_receive_msg function. An unauthenticated attacker can exploit improper timeout handling during network read operations to keep the server blocked in the receive path, preventing it from processing legitimate Modbus requests.
Business impact
The CVSS score of 7.5 indicates a high severity risk. Successful exploitation results in a Denial of Service condition, which can cause significant operational downtime for industrial systems relying on Modbus communication. This disruption can lead to loss of visibility or control over critical processes, potentially impacting business continuity.
Remediation
Immediate Action: Monitor the vendor advisory at https://github.com/advisories/GHSA-4fx8-wmg3-693v for the release of a patch and apply it immediately upon availability.
Proactive Monitoring: Inspect network traffic for anomalous Modbus communication patterns and review system logs for recurring timeout errors or blocked connections.
Compensating Controls: Implement network segmentation to restrict access to Modbus-enabled devices to trusted hosts only, reducing the attack surface.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the potential for operational disruption in industrial environments, organizations should prioritize monitoring for updates from the vendor. Until a patch is issued, administrators must restrict network access to affected systems to mitigate the risk of remote exploitation.