Common Weakness Enumeration

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CVE-2026-10650 (GCVE-0-2026-10650)

Vulnerability from cvelistv5 – Published: 2026-06-02 21:15 – Updated: 2026-06-03 14:04 X_Open Source
VLAI
Title
warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
Summary
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg_len can lead to resource consumption. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied to remediate this issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
warmcat libwebsockets Affected: 4.5.0
Affected: 4.5.1
Affected: 4.5.2
Affected: 4.5.3
Affected: 4.5.4
Affected: 4.5.5
Affected: 4.5.6
Affected: 4.5.7
Affected: 4.5.8
    cpe:2.3:a:warmcat:libwebsockets:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
biniam (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10650",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T14:04:17.007618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T14:04:31.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:warmcat:libwebsockets:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "SSH Protocol Handler"
          ],
          "product": "libwebsockets",
          "vendor": "warmcat",
          "versions": [
            {
              "status": "affected",
              "version": "4.5.0"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.5.2"
            },
            {
              "status": "affected",
              "version": "4.5.3"
            },
            {
              "status": "affected",
              "version": "4.5.4"
            },
            {
              "status": "affected",
              "version": "4.5.5"
            },
            {
              "status": "affected",
              "version": "4.5.6"
            },
            {
              "status": "affected",
              "version": "4.5.7"
            },
            {
              "status": "affected",
              "version": "4.5.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "biniam (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg_len can lead to resource consumption. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied to remediate this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T21:15:10.566Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367955 | warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367955"
        },
        {
          "name": "VDB-367955 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367955/cti"
        },
        {
          "name": "CVE-2026-10650 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10650"
        },
        {
          "name": "Submit #830261 | warmcat libwebsockets 4.5.99-v4.5.0-382-g4a63b9333 Uncontrolled Memory Allocation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/830261"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/biniamf/pocs/tree/main/libwebsockets_sshd-parse-ic-unbounded-alloc"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/biniamf/pocs/blob/main/libwebsockets_sshd-parse-ic-unbounded-alloc/poc_sshd_unbounded_alloc.py"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/warmcat/libwebsockets/commit/3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/warmcat/libwebsockets/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-02T17:24:23.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10650",
    "datePublished": "2026-06-02T21:15:10.566Z",
    "dateReserved": "2026-06-02T15:19:20.070Z",
    "dateUpdated": "2026-06-03T14:04:31.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10691 (GCVE-0-2026-10691)

Vulnerability from cvelistv5 – Published: 2026-06-02 23:30 – Updated: 2026-06-03 13:47 X_Open Source
VLAI
Title
wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos
Summary
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
  • CWE-400 - Resource Consumption
Assigner
Impacted products
Vendor Product Version
wonderwhy-er DesktopCommanderMCP Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Unaffected: 0.2.39
    cpe:2.3:a:wonderwhy-er:desktopcommandermcp:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
skywings (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10691",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T13:46:45.461875Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T13:47:07.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:wonderwhy-er:desktopcommandermcp:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "start_search"
          ],
          "product": "DesktopCommanderMCP",
          "vendor": "wonderwhy-er",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "unaffected",
              "version": "0.2.39"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "skywings (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T23:30:14.612Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367960 | wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367960"
        },
        {
          "name": "VDB-367960 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367960/cti"
        },
        {
          "name": "CVE-2026-10691 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10691"
        },
        {
          "name": "Submit #830746 | wonderwhy-er DesktopCommanderMCP 0.2.37 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/830746"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/375"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/pull/400"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/commit/4ce845f8749b6a159b57b38dcc3357f7222a8078"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-02T17:45:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10691",
    "datePublished": "2026-06-02T23:30:14.612Z",
    "dateReserved": "2026-06-02T15:40:41.889Z",
    "dateUpdated": "2026-06-03T13:47:07.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10692 (GCVE-0-2026-10692)

Vulnerability from cvelistv5 – Published: 2026-06-02 23:45 – Updated: 2026-06-03 14:10 X_Open Source
VLAI
Title
johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
Summary
A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.14.1 is able to address this issue. This patch is called 25bc02fac74051ddae15ce79e952f00211b1ea6b. Upgrading the affected component is recommended.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
  • CWE-400 - Resource Consumption
Assigner
Impacted products
Vendor Product Version
johnhuang316 code-index-mcp Affected: 2.0
Affected: 2.1
Affected: 2.2
Affected: 2.3
Affected: 2.4
Affected: 2.5
Affected: 2.6
Affected: 2.7
Affected: 2.8
Affected: 2.9
Affected: 2.10
Affected: 2.11
Affected: 2.12
Affected: 2.13
Affected: 2.14.0
Unaffected: 2.14.1
    cpe:2.3:a:johnhuang316:code-index-mcp:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
skywings (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10692",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T14:10:14.252640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T14:10:25.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:johnhuang316:code-index-mcp:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "search_code_advanced"
          ],
          "product": "code-index-mcp",
          "vendor": "johnhuang316",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.6"
            },
            {
              "status": "affected",
              "version": "2.7"
            },
            {
              "status": "affected",
              "version": "2.8"
            },
            {
              "status": "affected",
              "version": "2.9"
            },
            {
              "status": "affected",
              "version": "2.10"
            },
            {
              "status": "affected",
              "version": "2.11"
            },
            {
              "status": "affected",
              "version": "2.12"
            },
            {
              "status": "affected",
              "version": "2.13"
            },
            {
              "status": "affected",
              "version": "2.14.0"
            },
            {
              "status": "unaffected",
              "version": "2.14.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "skywings (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.14.1 is able to address this issue. This patch is called 25bc02fac74051ddae15ce79e952f00211b1ea6b. Upgrading the affected component is recommended."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T23:45:12.046Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367961 | johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367961"
        },
        {
          "name": "VDB-367961 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367961/cti"
        },
        {
          "name": "CVE-2026-10692 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10692"
        },
        {
          "name": "Submit #830786 | johnhuang316 code-index-mcp Latest Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/830786"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/johnhuang316/code-index-mcp/issues/84"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/johnhuang316/code-index-mcp/commit/25bc02fac74051ddae15ce79e952f00211b1ea6b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/johnhuang316/code-index-mcp/releases/tag/v2.14.1"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/johnhuang316/code-index-mcp/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-02T17:48:32.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10692",
    "datePublished": "2026-06-02T23:45:12.046Z",
    "dateReserved": "2026-06-02T15:43:28.477Z",
    "dateUpdated": "2026-06-03T14:10:25.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10705 (GCVE-0-2026-10705)

Vulnerability from cvelistv5 – Published: 2026-06-03 01:15 – Updated: 2026-06-03 14:11
VLAI
Title
dask HLL hyperloglog.py nunique_approx resource consumption
Summary
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/368018 vdb-entrytechnical-description
https://vuldb.com/vuln/368018/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10705 third-party-advisory
https://vuldb.com/submit/831411 third-party-advisory
https://github.com/dask/dask/issues/12403 issue-tracking
https://github.com/dask/dask/pull/12401 issue-trackingpatch
https://github.com/dask/dask/ product
Impacted products
Vendor Product Version
n/a dask Affected: 3.0
    cpe:2.3:a:dask:dask:*:*:*:*:*:*:*:*
Credits
Dem0 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T14:11:33.203540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T14:11:44.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:dask:dask:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "HLL Handler"
          ],
          "product": "dask",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dem0 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T01:15:10.343Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-368018 | dask HLL hyperloglog.py nunique_approx resource consumption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/368018"
        },
        {
          "name": "VDB-368018 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/368018/cti"
        },
        {
          "name": "CVE-2026-10705 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10705"
        },
        {
          "name": "Submit #831411 | dask 2026.3.0 Algorithmic Complexity / Hash Collision / Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/831411"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/dask/dask/issues/12403"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/dask/dask/pull/12401"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/dask/dask/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-02T19:51:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "dask HLL hyperloglog.py nunique_approx resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10705",
    "datePublished": "2026-06-03T01:15:10.343Z",
    "dateReserved": "2026-06-02T17:46:25.630Z",
    "dateUpdated": "2026-06-03T14:11:44.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10802 (GCVE-0-2026-10802)

Vulnerability from cvelistv5 – Published: 2026-06-04 11:15 – Updated: 2026-06-04 12:31
VLAI
Title
keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption
Summary
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
keystonejs keystone Affected: 20260319
    cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
nedlir (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10802",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-04T12:31:14.916360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-04T12:31:20.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "GraphQL API Endpoint"
          ],
          "product": "keystone",
          "vendor": "keystonejs",
          "versions": [
            {
              "status": "affected",
              "version": "20260319"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "nedlir (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T11:15:10.397Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-368251 | keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/368251"
        },
        {
          "name": "VDB-368251 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/368251/cti"
        },
        {
          "name": "CVE-2026-10802 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10802"
        },
        {
          "name": "Submit #831461 | Keystone KeystoneJS 2026-03-19 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/831461"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/keystonejs/keystone/issues/9789"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/keystonejs/keystone/pull/9831"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/nedlir/0431275665076772844ebfe5167e54f6"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/keystonejs/keystone/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-04T07:07:34.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10802",
    "datePublished": "2026-06-04T11:15:10.397Z",
    "dateReserved": "2026-06-04T05:02:30.479Z",
    "dateUpdated": "2026-06-04T12:31:20.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11478 (GCVE-0-2026-11478)

Vulnerability from cvelistv5 – Published: 2026-06-08 02:00 – Updated: 2026-06-08 10:59
VLAI
Title
kokke tiny-regex-c Pattern re.c matchstar redos
Summary
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
  • CWE-400 - Resource Consumption
Assigner
Impacted products
Vendor Product Version
kokke tiny-regex-c Affected: f2632c6d9ed25272987471cdb8b70395c2460bdb
    cpe:2.3:a:kokke:tiny-regex-c:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Fantasy (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11478",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-08T10:59:04.320619Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-08T10:59:56.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:kokke:tiny-regex-c:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Pattern Handler"
          ],
          "product": "tiny-regex-c",
          "vendor": "kokke",
          "versions": [
            {
              "status": "affected",
              "version": "f2632c6d9ed25272987471cdb8b70395c2460bdb"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Fantasy (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T02:00:16.513Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-369098 | kokke tiny-regex-c Pattern re.c matchstar redos",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/369098"
        },
        {
          "name": "VDB-369098 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/369098/cti"
        },
        {
          "name": "CVE-2026-11478 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-11478"
        },
        {
          "name": "Submit #833966 | tiny-regex-c 0.1.0 Regular Expression Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/833966"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/kokke/tiny-regex-c/issues/100"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/user-attachments/files/28046213/tiny-regex-c-redos-poc.zip"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/kokke/tiny-regex-c/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-07T11:47:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "kokke tiny-regex-c Pattern re.c matchstar redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-11478",
    "datePublished": "2026-06-08T02:00:16.513Z",
    "dateReserved": "2026-06-07T09:42:50.401Z",
    "dateUpdated": "2026-06-08T10:59:56.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11611 (GCVE-0-2026-11611)

Vulnerability from cvelistv5 – Published: 2026-06-08 16:17 – Updated: 2026-06-30 07:48
VLAI
Title
389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
Summary
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-11611 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2485424 issue-trackingx_refsource_REDHAT
Date Public
2026-04-16 00:00
Credits
This issue was discovered by Ian Murphy (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11611",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T14:28:50.963949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T14:35:36.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11/389-ds-base",
          "product": "Red Hat Directory Server 11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12/389-ds-base",
          "product": "Red Hat Directory Server 12",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Directory Server 13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Ian Murphy (Red Hat)."
        }
      ],
      "datePublic": "2026-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T07:48:54.613Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-11611"
        },
        {
          "name": "RHBZ#2485424",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485424"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-16T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-16T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions",
      "workarounds": [
        {
          "lang": "en",
          "value": "Bug 1 (Queue DoS): Reduce SYNC_MAX_CONCURRENT from the default of 10 to minimize the number of clients that can accumulate queues. Apply network-level rate limiting on persistent sync search requests. Monitor client connections and terminate stalled sync clients that stop reading for an extended period. Set system-level memory limits (e.g., LimitAS= in the systemd unit file or cgroup memory limits) to prevent unbounded memory growth. Bugs 2 and 3: No workaround available \u2014 these are code-level race conditions that require source fixes."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-11611",
    "datePublished": "2026-06-08T16:17:59.532Z",
    "dateReserved": "2026-06-08T16:14:20.086Z",
    "dateUpdated": "2026-06-30T07:48:54.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1174 (GCVE-0-2026-1174)

Vulnerability from cvelistv5 – Published: 2026-01-19 20:02 – Updated: 2026-02-23 08:48
VLAI
Title
birkir prime GraphQL Alias graphql resource consumption
Summary
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.341768 vdb-entrytechnical-description
https://vuldb.com/?ctiid.341768 signaturepermissions-required
https://vuldb.com/?submit.731105 third-party-advisory
https://github.com/birkir/prime/issues/545 exploitissue-tracking
https://github.com/birkir/prime/ product
Impacted products
Vendor Product Version
birkir prime Affected: 0.4.0.beta
Create a notification for this product.
Credits
ZAST.AI (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1174",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-20T14:44:54.280746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-20T14:45:02.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "GraphQL Alias Handler"
          ],
          "product": "prime",
          "vendor": "birkir",
          "versions": [
            {
              "status": "affected",
              "version": "0.4.0.beta"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ZAST.AI (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T08:48:57.030Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-341768 | birkir prime GraphQL Alias graphql resource consumption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.341768"
        },
        {
          "name": "VDB-341768 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.341768"
        },
        {
          "name": "Submit #731105 | birkir prime \u003c=0.4.0 GraphQL Aliases Overloading Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.731105"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/birkir/prime/issues/545"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/birkir/prime/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-01-19T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-05T03:25:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "birkir prime GraphQL Alias graphql resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-1174",
    "datePublished": "2026-01-19T20:02:05.914Z",
    "dateReserved": "2026-01-19T07:15:42.177Z",
    "dateUpdated": "2026-02-23T08:48:57.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11790 (GCVE-0-2026-11790)

Vulnerability from cvelistv5 – Published: 2026-06-09 13:09 – Updated: 2026-06-30 13:38
VLAI
Title
389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service
Summary
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication, resulting in denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-11790 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2485421 issue-trackingx_refsource_REDHAT
Date Public
2026-04-16 00:00
Credits
This issue was discovered by Ian Murphy (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T13:28:46.679763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T13:29:01.281Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11/389-ds-base",
          "product": "Red Hat Directory Server 11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12/389-ds-base",
          "product": "Red Hat Directory Server 12",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Directory Server 13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Ian Murphy (Red Hat)."
        }
      ],
      "datePublic": "2026-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user\u0027s password hash can cause excessive CPU consumption during authentication, resulting in denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T13:38:26.226Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-11790"
        },
        {
          "name": "RHBZ#2485421",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485421"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-16T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-16T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable nsslapd-allow-hashed-passwords (default: off) to prevent non-DM users from setting pre-hashed passwords. Restrict Directory Manager credentials; limit DM access to management networks and audit DM operations via nsslapd-auditlog. Monitor for suspicious userPassword modifications (unusual hash schemes or large base64 payloads). Monitor for unusually long bind operations to the same account, which may indicate a poisoned PBKDF2 hash."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-11790",
    "datePublished": "2026-06-09T13:09:29.818Z",
    "dateReserved": "2026-06-09T13:00:11.043Z",
    "dateUpdated": "2026-06-30T13:38:26.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12151 (GCVE-0-2026-12151)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:05 – Updated: 2026-07-02 12:05
VLAI
Title
undici WebSocket client vulnerable to denial of service via fragment count bypass
Summary
Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service. Affected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint. All releases starting at undici 6.17.0 are affected. Patches: Upgrade to undici >= 6.26.0, >= 7.28.0, or >= 8.5.0. Workarounds: No workaround is available. The fix must be applied through an upgrade.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
undici undici Affected: 0 , < 6.26.0 (semver)
Unaffected: 6.26.0 (semver)
Affected: 7.0.0 , < 7.28.0 (semver)
Unaffected: 7.28.0 (semver)
Affected: 8.0.0 , < 8.5.0 (semver)
Unaffected: 8.5.0 (semver)
Create a notification for this product.
Red Hat Cluster Observability Operator 1.5.0     cpe:/a:redhat:cluster_observability_operator:1.5::el9
Create a notification for this product.
Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
Create a notification for this product.
Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
Create a notification for this product.
Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
Create a notification for this product.
Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
Create a notification for this product.
Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
Create a notification for this product.
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
Create a notification for this product.
Red Hat Self-service automation portal 2     cpe:/a:redhat:ansible_portal:2
Create a notification for this product.
Credits
lpinca Nadav0077 UlisesGascon
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:29:57.305732Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:30:13.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:cluster_observability_operator:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cluster Observability Operator 1.5.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_broker:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AMQ Broker 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_portal:2"
            ],
            "defaultStatus": "affected",
            "product": "Self-service automation portal 2",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-17T16:05:38.785Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:05:19.944Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-12151"
          },
          {
            "name": "RHBZ#2489980",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:34342"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-17T17:01:45.297Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-17T16:05:38.785Z",
            "value": "Made public."
          }
        ],
        "title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/undici",
          "product": "undici",
          "vendor": "undici",
          "versions": [
            {
              "lessThan": "6.26.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "6.26.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.28.0",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "8.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lpinca"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Nadav0077"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "UlisesGascon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches:\u0026nbsp;Upgrade to undici \u0026gt;= 6.26.0, \u0026gt;= 7.28.0, or \u0026gt;= 8.5.0.\u0026nbsp;Workarounds:\nNo workaround is available. The fix must be applied through an upgrade."
            }
          ],
          "value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches:\u00a0Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0.\u00a0Workarounds:\nNo workaround is available. The fix must be applied through an upgrade."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:05:38.785Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        }
      ],
      "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
      "x_generator": {
        "engine": "cve-kit 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2026-12151",
    "datePublished": "2026-06-17T16:05:38.785Z",
    "dateReserved": "2026-06-12T18:14:04.454Z",
    "dateUpdated": "2026-07-02T12:05:19.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phase: Architecture and Design

Description:

  • Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation

Phase: Architecture and Design

Description:

  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation

Phase: Architecture and Design

Description:

  • Ensure that protocols have specific limits of scale placed on them.
Mitigation

Phase: Implementation

Description:

  • Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.

Back to CWE stats page