What is CVE-2026-22259?

CVE-2026-22259 is a high-severity vulnerability in Oisf Suricata, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-01-27.

How severe is CVE-2026-22259?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Oisf Suricata

CVE-2026-22259

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and ru…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.001 (29.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Oisf Suricata — versions < 7.0.14, >= 8.0.0, < 8.0.3

Weakness classification (CWE)

References

https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9 (x_refsource_CONFIRM)
https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e (x_refsource_MISC)
https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942 (x_refsource_MISC)
https://redmine.openinfosecfoundation.org/issues/8181 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-22259?: CVE-2026-22259 is a high-severity vulnerability in Oisf Suricata, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-01-27.
How severe is CVE-2026-22259?: High severity. CVSS v3 base score is 7.5 out of 10.