CVE-2026-35505
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
Risk Assessment
The risk is a denial-of-service (DoS) attack without authentication, potentially causing application downtime and port unavailability.
Recommendation
Immediately update to a patched version and consider implementing rate limiting at the network firewall level.
Original NVD description (English source)
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

