CVE Catalog

CVE-2026-35505

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

Risk Assessment

The risk is a denial-of-service (DoS) attack without authentication, potentially causing application downtime and port unavailability.

Recommendation

Immediately update to a patched version and consider implementing rate limiting at the network firewall level.

Original NVD description (English source)

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS