Description Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.
CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Exploitability: 3.9 | Impact: 3.6 Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages3 packages
🔴 Vulnerability Details3 OSV CVE-2026-31934: (Suricata is a network IDS, IPS and NSM engine ↗ 2026-04-03 ▶ OSV CVE-2026-31934: Suricata is a network IDS, IPS and NSM engine ↗ 2026-04-02 ▶ CVEList Suricata smtp/mine: quadratic complexity in extracting urls ↗ 2026-04-02 ▶
📋 Vendor Advisories2 Red Hat Suricata: Suricata: Denial of Service via quadratic complexity in URL search of MIME-encoded SMTP messages ↗ 2026-04-02 ▶ Debian CVE-2026-31934: suricata - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before vers... ↗ 2026 ▶
🕵️ Threat Intelligence13 Wiz CVE-2026-22262 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶ Wiz CVE-2026-22264 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶ Wiz CVE-2026-31937 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶ Wiz CVE-2026-31935 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶ Wiz CVE-2026-31932 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶ Show 8 more