Vulnerability in Oxia-db Oxia

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat() method uses a blocking…

Vulnerability class: Race Condition

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

Affected products

Oxia-db Oxia — versions < 0.16.2

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

https://github.com/oxia-db/oxia/security/advisories/GHSA-5gqc-qhrj-9xw8 (x_refsource_CONFIRM)