CVE-2026-22259 — Uncontrolled Resource Consumption in Suricata

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 74.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oisf Suricata

Timeline

PublishedJan 27

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5oisf/suricata< 7.0.14+1

▶NVDoisf/suricata8.0.0 — 8.0.3+1

▶Debianoisf/suricata< 1:7.0.10-1+deb13u3+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Suricata dnp3: unbounded transaction growth↗2026-01-27

▶

OSV

CVE-2026-22259: Suricata is a network IDS, IPS and NSM engine↗2026-01-27

▶

📋Vendor Advisories

Debian

CVE-2026-22259: suricata - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.1...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22259 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶