CVE-2026-50254
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.
Risk Assessment
The risk is a potential Denial of Service (DoS) attack without authentication, which can disrupt service availability and require operator intervention to restore functionality.
Recommendation
It is recommended to immediately update storescp to a patched version that fixes the memory leak vulnerability. Until an update is applied, consider restricting access to the service to trusted IP addresses or implementing additional DoS protection mechanisms.
Original NVD description (English source)
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

