Summary

Digi On-Prem Manager processed device-reported data without consistently bounding its size or validating its structure before use. A connected device that reported a malformed or oversized configuration schema or fileset manifest could exhaust server memory or crash the shared configuration-processing path. Because that path is shared, the disruption affected configuration processing for other devices, not only the device that sent the data. Separately, over-length device metadata fields could cause that device’s metadata update to fail.

The data originates from a managed device that has completed enrollment.

Solution

Update to Digi On-Prem Manager v26.06 or later. Device-reported configuration schemas and fileset manifests are now size-bounded and validated before processing, and data refused this way no longer triggers configuration recalculation. Over-length device metadata fields are truncated to their storage limits so they cannot fail the update.

Affected Versions

Digi On-Prem Manager versions before v26.06 are affected.