CVE-2026-43973 (GCVE-0-2026-43973)
Vulnerability from cvelistv5 – Published: 2026-06-08 14:12 – Updated: 2026-06-08 16:35
VLAI
Title
gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
Summary
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenation with no upper-bound check: the head clause appends data until the \r\n\r\n header terminator is found; the body_chunked clause appends data whenever cow_http_te:stream_chunked/2 returns a more result indicating an incomplete chunk boundary; and the body_trailer clause appends data until the trailing \r\n\r\n is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.
A malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with HTTP/1.1 200 OK\r\nX-Pad: followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.
This issue affects gun: from 1.0.0 before 2.4.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cna.erlef.org/cves/CVE-2026-43973.html | relatedthird-party-advisory |
| https://osv.dev/vulnerability/EEF-CVE-2026-43973 | related |
| https://github.com/ninenines/gun/commit/f3e7e0568… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T15:48:05.292583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:48:12.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"gun_http"
],
"packageName": "gun",
"packageURL": "pkg:hex/gun",
"product": "gun",
"programFiles": [
"src/gun_http.erl"
],
"programRoutines": [
{
"name": "gun_http:handle/5"
}
],
"repo": "https://github.com/ninenines/gun",
"vendor": "ninenines",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"gun_http"
],
"packageName": "ninenines/gun",
"packageURL": "pkg:github/ninenines/gun",
"product": "gun",
"programFiles": [
"src/gun_http.erl"
],
"programRoutines": [
{
"name": "gun_http:handle/5"
}
],
"repo": "https://github.com/ninenines/gun.git",
"vendor": "ninenines",
"versions": [
{
"lessThan": "f3e7e0568b3c4cf9fa4bea79d5116e67ce76ad25",
"status": "affected",
"version": "11dfe71f4b9aedaaedea2ad3b2f32fd006a8480f",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Ullrich"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lo\u00efc Hoguin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Resource Consumption vulnerability in ninenines gun (\u003ctt\u003egun_http\u003c/tt\u003e module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.\u003cp\u003eIn \u003ctt\u003egun_http:handle/5\u003c/tt\u003e, three clauses accumulate incoming TCP data into the connection\u0027s \u003ctt\u003ebuffer\u003c/tt\u003e field using binary concatenation with no upper-bound check: the \u003ctt\u003ehead\u003c/tt\u003e clause appends data until the \u003ctt\u003e\\r\\n\\r\\n\u003c/tt\u003e header terminator is found; the \u003ctt\u003ebody_chunked\u003c/tt\u003e clause appends data whenever \u003ctt\u003ecow_http_te:stream_chunked/2\u003c/tt\u003e returns a \u003ctt\u003emore\u003c/tt\u003e result indicating an incomplete chunk boundary; and the \u003ctt\u003ebody_trailer\u003c/tt\u003e clause appends data until the trailing \u003ctt\u003e\\r\\n\\r\\n\u003c/tt\u003e is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.\u003c/p\u003e\u003cp\u003eA malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with \u003ctt\u003eHTTP/1.1 200 OK\\r\\nX-Pad: \u003c/tt\u003e followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.\u003c/p\u003e\u003cp\u003eThis issue affects gun: from 1.0.0 before 2.4.0.\u003c/p\u003e"
}
],
"value": "Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.\n\nIn gun_http:handle/5, three clauses accumulate incoming TCP data into the connection\u0027s buffer field using binary concatenation with no upper-bound check: the head clause appends data until the \\r\\n\\r\\n header terminator is found; the body_chunked clause appends data whenever cow_http_te:stream_chunked/2 returns a more result indicating an incomplete chunk boundary; and the body_trailer clause appends data until the trailing \\r\\n\\r\\n is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.\n\nA malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with HTTP/1.1 200 OK\\r\\nX-Pad: followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.\n\nThis issue affects gun: from 1.0.0 before 2.4.0."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:35:01.405Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"related",
"third-party-advisory"
],
"url": "https://cna.erlef.org/cves/CVE-2026-43973.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-43973"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ninenines/gun/commit/f3e7e0568b3c4cf9fa4bea79d5116e67ce76ad25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-43973",
"datePublished": "2026-06-08T14:12:42.128Z",
"dateReserved": "2026-05-04T18:23:25.574Z",
"dateUpdated": "2026-06-08T16:35:01.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43973\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-06-08T15:16:46.700\",\"lastModified\":\"2026-06-08T15:16:46.700\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.\\n\\nIn gun_http:handle/5, three clauses accumulate incoming TCP data into the connection\u0027s buffer field using binary concatenation with no upper-bound check: the head clause appends data until the \\\\r\\\\n\\\\r\\\\n header terminator is found; the body_chunked clause appends data whenever cow_http_te:stream_chunked/2 returns a more result indicating an incomplete chunk boundary; and the body_trailer clause appends data until the trailing \\\\r\\\\n\\\\r\\\\n is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.\\n\\nA malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with HTTP/1.1 200 OK\\\\r\\\\nX-Pad: followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.\\n\\nThis issue affects gun: from 1.0.0 before 2.4.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-43973.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/ninenines/gun/commit/f3e7e0568b3c4cf9fa4bea79d5116e67ce76ad25\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-43973\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-43973\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-08T15:48:05.292583Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-08T15:48:08.555Z\"}}], \"cna\": {\"title\": \"gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Peter Ullrich\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Lo\\u00efc Hoguin\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/ninenines/gun\", \"vendor\": \"ninenines\", \"modules\": [\"gun_http\"], \"product\": \"gun\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"2.4.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:hex/gun\", \"packageName\": \"gun\", \"programFiles\": [\"src/gun_http.erl\"], \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"gun_http:handle/5\"}]}, {\"cpes\": [\"cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/ninenines/gun.git\", \"vendor\": \"ninenines\", \"modules\": [\"gun_http\"], \"product\": \"gun\", \"versions\": [{\"status\": \"affected\", \"version\": \"11dfe71f4b9aedaaedea2ad3b2f32fd006a8480f\", \"lessThan\": \"f3e7e0568b3c4cf9fa4bea79d5116e67ce76ad25\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/ninenines/gun\", \"packageName\": \"ninenines/gun\", \"programFiles\": [\"src/gun_http.erl\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"gun_http:handle/5\"}]}], \"references\": [{\"url\": \"https://cna.erlef.org/cves/CVE-2026-43973.html\", \"tags\": [\"related\", \"third-party-advisory\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-43973\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/ninenines/gun/commit/f3e7e0568b3c4cf9fa4bea79d5116e67ce76ad25\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.\\n\\nIn gun_http:handle/5, three clauses accumulate incoming TCP data into the connection\u0027s buffer field using binary concatenation with no upper-bound check: the head clause appends data until the \\\\r\\\\n\\\\r\\\\n header terminator is found; the body_chunked clause appends data whenever cow_http_te:stream_chunked/2 returns a more result indicating an incomplete chunk boundary; and the body_trailer clause appends data until the trailing \\\\r\\\\n\\\\r\\\\n is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.\\n\\nA malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with HTTP/1.1 200 OK\\\\r\\\\nX-Pad: followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.\\n\\nThis issue affects gun: from 1.0.0 before 2.4.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Uncontrolled Resource Consumption vulnerability in ninenines gun (\u003ctt\u003egun_http\u003c/tt\u003e module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.\u003cp\u003eIn \u003ctt\u003egun_http:handle/5\u003c/tt\u003e, three clauses accumulate incoming TCP data into the connection\u0027s \u003ctt\u003ebuffer\u003c/tt\u003e field using binary concatenation with no upper-bound check: the \u003ctt\u003ehead\u003c/tt\u003e clause appends data until the \u003ctt\u003e\\\\r\\\\n\\\\r\\\\n\u003c/tt\u003e header terminator is found; the \u003ctt\u003ebody_chunked\u003c/tt\u003e clause appends data whenever \u003ctt\u003ecow_http_te:stream_chunked/2\u003c/tt\u003e returns a \u003ctt\u003emore\u003c/tt\u003e result indicating an incomplete chunk boundary; and the \u003ctt\u003ebody_trailer\u003c/tt\u003e clause appends data until the trailing \u003ctt\u003e\\\\r\\\\n\\\\r\\\\n\u003c/tt\u003e is found. In each case, when the expected terminator never arrives, the enlarged binary is stored back into state and the process waits for more data, with no configurable or hard-coded ceiling on buffer size.\u003c/p\u003e\u003cp\u003eA malicious or compromised server can exploit this by sending a partial response that never completes. For example, a response may begin with \u003ctt\u003eHTTP/1.1 200 OK\\\\r\\\\nX-Pad: \u003c/tt\u003e followed by an unbounded stream of arbitrary bytes, never sending the header terminator. The gun connection process will continuously append the incoming data to its buffer, causing unbounded heap growth. Because BEAM imposes no per-process heap limit by default, a single malicious connection can exhaust all available memory on the node, causing a node-wide out-of-memory crash.\u003c/p\u003e\u003cp\u003eThis issue affects gun: from 1.0.0 before 2.4.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.4.0\", \"versionStartIncluding\": \"1.0.0\"}], \"operator\": \"OR\"}], \"operator\": \"AND\"}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-06-08T16:35:01.405Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-43973\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-08T16:35:01.405Z\", \"dateReserved\": \"2026-05-04T18:23:25.574Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-06-08T14:12:42.128Z\", \"assignerShortName\": \"EEF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…