Signal K Server DoS: Unauthenticated ReDoS Attack Hits Marine Systems

The National Vulnerability Database has disclosed CVE-2026-39320, a high-severity (CVSS 7.5) unauthenticated Regular Expression Denial of Service (ReDoS) vulnerability impacting Signal K Server versions prior to 2.25.0. This server application, commonly found on boats as a central hub for marine data, is susceptible via its WebSocket subscription handling logic.

Attackers can exploit this by injecting unescaped regex metacharacters into the context parameter of a stream subscription. This forces the server’s Node.js event loop into a catastrophic backtracking loop when processing long string identifiers, such as the server’s own UUID. The result is a complete Denial of Service, with the server CPU spiking to 100% and becoming unresponsive to all API and socket requests.

This isn’t just a nuisance; it’s a critical operational risk for any vessel relying on Signal K. An unauthenticated DoS means an attacker doesn’t need prior access or credentials. For defenders, this means immediate patching is non-negotiable. Version 2.25.0 contains the fix, so prioritize this update to prevent total system outages on affected marine platforms.

What This Means For You

  • If your organization operates or manages marine systems utilizing Signal K Server, you must immediately verify your version. Patching to version 2.25.0 or newer is critical to prevent unauthenticated Denial of Service attacks that can completely incapacitate your central marine data hub.

Related ATT&CK Techniques

T1499 Endpoint Denial of Service (Impact tactic), severity high.

Detection Rules

Three detection rules were auto-generated for this incident and mapped to MITRE ATT&CK, provided as Sigma YAML. Rule name: "CVE-2026-39320: Signal K Server WebSocket Subscription ReDoS Exploit Attempt".

Indicators of Compromise

ID              Type  Indicator
CVE-2026-39320  DoS   Signal K Server versions prior to 2.25.0
CVE-2026-39320  DoS   Unauthenticated Regular Expression Denial of Service (ReDoS)
CVE-2026-39320  DoS   WebSocket subscription handling logic, 'context' parameter

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 04:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
