What is CVE-2026-34219?

CVE-2026-34219 is a medium-severity vulnerability in Libp2p Rust-libp2p, classified under Integer Overflow or Wraparound. CVSS score: 5.9/10. Published 2026-03-31.

How severe is CVE-2026-34219?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Integer overflow in Libp2p Rust-libp2p

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a…

Vulnerability class: Integer Overflow

EPSS: 0.001 (24.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Libp2p Rust-libp2p — versions < 0.49.4
Protocol Libp2p-gossipsub

Weakness classification (CWE)

References

https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-xqmp-fxgv-xvq5 (x_refsource_CONFIRM, Exploit, Vendor Advisory)

Frequently asked questions

What is CVE-2026-34219?: CVE-2026-34219 is a medium-severity vulnerability in Libp2p Rust-libp2p, classified under Integer Overflow or Wraparound. CVSS score: 5.9/10. Published 2026-03-31.
How severe is CVE-2026-34219?: Medium severity. CVSS v3 base score is 5.9 out of 10.