CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-51599

criticalCVSS 9.8covered by 1 sourcefirst seen 2026-07-09
An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.

⚡ Watch CVE-2026-51599

Get an email if CVE-2026-51599 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-51599

CVE.org record

Embed the live status

CVE-2026-51599 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-51599 status](https://www.csirts.com/badge/CVE-2026-51599)](https://www.csirts.com/cve/CVE-2026-51599)