Which products are affected by CVE-2026-1876?

All versions of the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module are affected by this vulnerability.

What mitigations are recommended for CVE-2026-1876?

Mitsubishi Electric recommends using firewalls, VPNs, and IP filters to prevent unauthorized access and mitigate the risk of exploitation.

Critical DoS Vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Module (CVE-2026-1876)

A newly disclosed vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Ethernet Module poses significant risks to industrial control systems. Learn about the implications and recommended mitigations.

Published: June 19, 2026

Share this on:

Executive Summary

In March 2026, Mitsubishi Electric disclosed a high-severity denial-of-service (DoS) vulnerability (CVE-2026-1876) in its MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. This flaw allows remote attackers to render the device unresponsive by continuously sending UDP packets, necessitating a system reset for recovery. The vulnerability affects all versions of the FX5-ENET/IP module, posing significant risks to industrial control systems reliant on this equipment.

The incident underscores the critical importance of securing industrial control systems against network-based attacks. As similar vulnerabilities continue to emerge, organizations must proactively implement robust network security measures, including firewalls and VPNs, to mitigate potential threats and ensure operational continuity.

Why This Matters Now

The disclosure of CVE-2026-1876 highlights the ongoing risks to industrial control systems from network-based attacks. Immediate attention is required to implement recommended mitigations and prevent potential operational disruptions.

Attack Path Analysis

An attacker remotely exploited a vulnerability in the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module by sending a high volume of UDP packets, leading to a denial-of-service condition that disrupted industrial operations.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

High

Command & Control

High

Exfiltration

High

Impact

High

Initial Compromise

Description

The attacker remotely accessed the Ethernet module by sending a large number of UDP packets, exploiting a vulnerability that led to resource exhaustion.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2026-8806
CVSS 8.7
A denial-of-service (DoS) vulnerability in the MELSEC iQ-F Series FX5-ENET/IP Ethernet module allows a remote attacker to disrupt communication functions by sending a large number of packets to the Ethernet port, leading to increased processing load and communication function stoppage.
Affected Products:
Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module – all versions
Exploit Status:
no public exploit
References:
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06

MITRE ATT&CK® Techniques

Impact

T1499.002

Service Exhaustion Flood

Impact

T1498.001

Direct Network Flood

Impact

T1499.003

Application Exhaustion Flood

Impact

T1499.004

Application or System Exploitation

Impact

T1498.002

Reflection Amplification

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Change Control Processes

Control ID: 6.4.1

The lack of timely updates to mitigate known vulnerabilities in the FX5-ENET/IP Ethernet Module indicates inadequate change control processes, potentially exposing cardholder data environments to security risks.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The incident suggests deficiencies in the cybersecurity policy, particularly in identifying and addressing vulnerabilities that could lead to service disruptions, as required by the regulation.

DORA – ICT Risk Management Framework

Control ID: Article 5

The failure to prevent a denial-of-service condition indicates shortcomings in the ICT risk management framework, which should encompass measures to protect against such disruptions.

CISA ZTMM 2.0 – Network and Environment Segmentation

Control ID: Pillar 3

The vulnerability exploitation points to insufficient network segmentation and access controls, which are critical components of a zero trust architecture to prevent unauthorized access and mitigate attacks.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The incident reveals a failure to implement appropriate technical and organizational measures to manage cybersecurity risks, as mandated by the directive.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Industrial Automation

Mitsubishi Electric MELSEC iQ-F Ethernet modules face DoS vulnerabilities affecting production lines, requiring network segmentation and egress filtering for operational continuity.

Automotive

Manufacturing systems using affected Ethernet modules vulnerable to communication disruption, potentially halting assembly lines and requiring encrypted traffic monitoring capabilities.

Electrical/Electronic Manufacturing

Production control systems exposed to denial-of-service attacks through unprotected Ethernet interfaces, necessitating zero trust segmentation and threat detection implementation.

Machinery

Industrial equipment relying on MELSEC modules susceptible to operational shutdown via packet flooding attacks, demanding multicloud visibility and anomaly response systems.

Sources

Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Modulehttps://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06
Verified

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet modulehttps://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf

Verified

Multiple vulnerabilities in the Ethernet function of the MELSEC iQ-F series of Mitsubishi Electrichttps://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-en-la-funcion-ethernet-de-la-serie-melsec-iq-f-de

Verified

Frequently Asked Questions

CVE-2026-1876 is a high-severity denial-of-service vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Ethernet Module, allowing remote attackers to render the device unresponsive via UDP packet floods.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to exploit the Ethernet module by enforcing strict segmentation and identity-based access controls, thereby reducing the potential blast radius.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's ability to exploit the Ethernet module would likely have been constrained, reducing the potential for resource exhaustion.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to exploit the Ethernet module would likely have been constrained, reducing the potential for resource exhaustion.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's ability to move laterally within the network would likely have been constrained, reducing the potential for further exploitation.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The attacker's ability to establish command and control channels would likely have been constrained, reducing the potential for sustained attacks.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The attacker's ability to exfiltrate data would likely have been constrained, reducing the potential for data breaches.

Impact (Mitigations)

The attack's impact would likely have been constrained, reducing the potential for widespread operational disruption.

Impact at a Glance

Affected Business Functions

Industrial Control Systems
Manufacturing Operations

Operational Disruption

Estimated downtime: 2 days

Financial Impact

Estimated loss: $50,000

Data Exposure

n/a

Recommended Actions

• Implement network segmentation to isolate critical industrial control systems from untrusted networks.
• Deploy inline intrusion prevention systems (IPS) to detect and block anomalous traffic patterns indicative of denial-of-service attacks.
• Utilize egress security and policy enforcement to control outbound traffic and prevent unauthorized data flows.
• Enhance multicloud visibility and control to monitor and manage network traffic across different environments.
• Regularly update and patch network devices to mitigate known vulnerabilities and reduce the attack surface.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Critical DoS Vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Module (CVE-2026-1876)

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2026-8806

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Service Exhaustion Flood

Direct Network Flood

Application Exhaustion Flood

Application or System Exploitation

Reflection Amplification

Potential Compliance Exposure

PCI DSS 4.0 – Change Control Processes

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Network and Environment Segmentation

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Industrial Automation

Automotive

Electrical/Electronic Manufacturing

Machinery

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads