What is CVE-2026-49140?

CVE-2026-49140 is a medium-severity vulnerability in Hkuds Nanobot, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 4.3/10. Published 2026-06-01.

How severe is CVE-2026-49140?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Resource exhaustion in Hkuds Nanobot

CVE-2026-49140

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or i…

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Hkuds Nanobot — versions 0

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

disclosure@vulncheck.com (release-notes)
disclosure@vulncheck.com (issue-tracking)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-49140?: CVE-2026-49140 is a medium-severity vulnerability in Hkuds Nanobot, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 4.3/10. Published 2026-06-01.
How severe is CVE-2026-49140?: Medium severity. CVSS v3 base score is 4.3 out of 10.