Summary

Digi On-Prem Manager had two paths that could be used to increase server load:

• Enrollment packages for a non-default device integration were generated on demand.
• Several server-backed dashboard tables did not enforce the same page-size limits as the browser UI.

The enrollment package path is reachable only when the affected non-default enrollment feature is enabled. The dashboard table path requires an authenticated dashboard account.

Preconditions

Affected deployments must have the affected enrollment feature enabled or expose dashboard access to users who can request the affected tables.

Solution

Update to Digi On-Prem Manager v26.06 or later.

Mitigations

Until the update is applied, restrict enrollment package downloads and dashboard access to trusted networks and users.

Affected Versions

Digi On-Prem Manager versions before v26.06 are affected when either path is exposed.