CVE-2026-22261
Published 2026-01-27
Priority: P4 | 28 | medium | 5.3 | CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.31% (22.8th percentile)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 1:8.0.3-1 (forky) | suricata 1:8.0.3-1 (forky) |
| oisf | suricata | < 7.0.14 | 7.0.14 |
| oisf | suricata | — | — |
| oisf | suricata | >= 0 < 1:7.0.10-1+deb13u3 | 1:7.0.10-1+deb13u3 |
| oisf | suricata | >= 0 < 1:8.0.3-1 | 1:8.0.3-1 |
| oisf | suricata | >= 8.0.0 < 8.0.3 | 8.0.3 |
CVSS provenance
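| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| osv | | 5.3 | MEDIUM | |
| vendor_debian | | 3.7 | LOW | |
| vendor_redhat | | 3.7 | LOW | |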
Red Hat
suricata: Suricata: Denial of Service due to XFF handling inefficiencies
vendor_redhat · 2026-01-27 · CVSS 3.7
CVE-2026-22261 [LOW] CWE-1050
A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. Various inefficiencies in its eXtended Forwarded For (XFF) handling, particularly for alerts not triggered in a transaction, can lead to severe slowdowns. This vulnerability could allow a remote attacker to cause a Denial of Servi
Debian
CVE-2026-22261: suricata - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.1...
vendor_debian · 2026 · CVSS 3.7
CVE-2026-22261 [LOW]
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1:8.0.3-1)
sid: resolved (fixed in 1:8.0.3-1)
trixie: resolved (fixed in 1:7.0.10-1+deb13u3)
OSV
CVE-2026-22261: Suricata is a network IDS, IPS and NSM engine
osv · 2026-01-27 · CVSS 5.3
CVE-2026-22261 [MEDIUM]
No detection rules found.
No public exploits indexed.
Published: 2026-01-27