PT-2026-1016 · Unknown · Signal K Server

Published 2026-01-01 · Updated 2026-01-06 · CVE-2025-68272

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Signal K Server versions prior to 2.19.0

Description

Signal K Server is a server application used on boats. A Denial of Service (DoS) condition can occur in versions prior to 2.19.0. An unauthenticated attacker can crash the server by sending a large number of requests to the access request endpoint, /signalk/v1/access/requests. This results in a "JavaScript heap out of memory" error because the server stores request objects in memory without limits.

Recommendations

Update to version 2.19.0 or later.
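
The description attributes the crash to request objects stored in memory without limits. As an added example (not Signal K Server's code and not the 2.19.0 fix), here is a store for pending access requests that stays bounded under a flood; the class name, cap, TTL, field lengths and status codes are assumptions for illustration.

```javascript
// Added example, not Signal K Server code. All names here are hypothetical.
class PendingRequestStore {
  constructor({ maxPending = 100, ttlMs = 60000, now = Date.now } = {}) {
    this.maxPending = maxPending; // hard cap on stored request objects
    this.ttlMs = ttlMs;           // unanswered requests expire after this
    this.now = now;               // injectable clock, for testing
    this.pending = new Map();     // insertion-ordered: oldest entry first
    this.nextId = 1;
  }

  // Map iterates in insertion order, so stop at the first unexpired entry.
  evictExpired() {
    const cutoff = this.now() - this.ttlMs;
    for (const [id, entry] of this.pending) {
      if (entry.createdAt > cutoff) break;
      this.pending.delete(id);
    }
  }

  // Returns { status: 202, requestId } or { status: 503 } once the cap is hit.
  add(clientId, description) {
    this.evictExpired();
    if (this.pending.size >= this.maxPending) return { status: 503 };
    // Sequential id keeps the demo dependency-free; use an unguessable id in a server.
    const requestId = String(this.nextId++);
    this.pending.set(requestId, {
      clientId: String(clientId).slice(0, 128),       // bound per-entry size too
      description: String(description).slice(0, 256),
      createdAt: this.now(),
    });
    return { status: 202, requestId };
  }
}

// Constructed flood: n requests with distinct client ids and oversized descriptions.
function simulateFlood(store, n) {
  let accepted = 0, rejected = 0;
  for (let i = 0; i < n; i++) {
    const res = store.add(`client-${i}`, 'x'.repeat(10000));
    if (res.status === 202) accepted++; else rejected++;
  }
  return { accepted, rejected, stored: store.pending.size };
}

console.log(simulateFlood(new PendingRequestStore(), 100000));
// prints { accepted: 100, rejected: 99900, stored: 100 }
```

Memory use is bounded by maxPending times the truncated entry size, regardless of how many requests arrive; expired entries free their slots on the next call to add.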

Exploit

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-68272
GHSA-7RQC-FF8M-7J23

Affected Products

Signal K Server