Resource exhaustion in Libp2p Rust-libp2p

CVE-2026-35457

libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and fo…

EPSS: 0.001 (23.2th percentile).

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.

Frequently asked questions

What is CVE-2026-35457?
CVE-2026-35457 is a high-severity vulnerability in Libp2p Rust-libp2p, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 8.2/10. Published 2026-04-07.
How severe is CVE-2026-35457?
High severity. CVSS v3 base score is 8.2 out of 10.