CVE Catalog

CVE-2026-50254

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

Risk Assessment

The risk is a potential Denial of Service (DoS) attack without authentication, which can disrupt service availability and require operator intervention to restore functionality.

Recommendation

It is recommended to immediately update storescp to a patched version that fixes the memory leak vulnerability. Until an update is applied, consider restricting access to the service to trusted IP addresses or implementing additional DoS protection mechanisms.

Original NVD description (English source)

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS