CVE-2026-31937
published 2026-04-02CVE-2026-31937: Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has…
PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.35%
27.0th percentile
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 1:8.0.1-1 (forky) | suricata 1:8.0.1-1 (forky) |
| oisf | suricata | < 7.0.15 | 7.0.15 |
| oisf | suricata | >= 0 < 1:8.0.1-1 | 1:8.0.1-1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency
vendor_redhat·2026-04-02·CVSS 7.5
CVE-2026-31937 [HIGH] CWE-770 Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency
Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
A flaw was found in Suricata, a network intrusion detection, prevention, and security monitoring engine. A remote attacker could exploit an inefficiency in the Distributed Computing Environment/Remote Procedure Call (DCERPC) buffering mechanism. This could lead to a denial of service (DoS) due to significant performance degradation, impacting the availability of the network monitoring service.
Statement: Important: A flaw in Suricata's DCERPC buffering mechanism can lead to significant performance degradation, potentially causin
Debian
CVE-2026-31937: suricata - Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, ineffici...
vendor_debian·2026·CVSS 7.5
CVE-2026-31937 [HIGH] CVE-2026-31937: suricata - Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, ineffici...
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1:8.0.1-1)
sid: resolved (fixed in 1:8.0.1-1)
trixie: open
OSV
CVE-2026-31937: (Suricata is a network IDS, IPS and NSM engine
osv·2026-04-03·CVSS 7.5
CVE-2026-31937 [HIGH] CVE-2026-31937: (Suricata is a network IDS, IPS and NSM engine
(Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15 ...)
OSV
CVE-2026-31937: Suricata is a network IDS, IPS and NSM engine
osv·2026-04-02·CVSS 7.5
CVE-2026-31937 [HIGH] CVE-2026-31937: Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22262 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2026-22262 [MEDIUM] CVE-2026-22262 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22262 :
Suricata vulnerability analysis and mitigation
save
state
Source : NVD
## 9.8
Score
Published January 27, 2026
Severity CRITICAL
CNA Score 5.9
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:oisf:suricata
suricata
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL No Fix Added at: Jan 30, 2026
Debian 11 Severity CRITICAL No Fix Added at: Jan 28, 2026
Debian 12 Severity MEDIUM No Fix Added at: Jan 28, 2026
Debian 13, 14 Severity CRITICAL Has Fix Added at: Jan 28, 2026
Echo Severit
Wiz
CVE-2026-22264 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.4
CVE-2026-22264 [HIGH] CVE-2026-22264 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22264 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted rulesets or run with less than 65536 signatures that can match on the same packet.
Source : NVD
## 9.1
Score
Published January 27, 2026
Severity CRITICAL
CNA Score 7.4
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
sur
Wiz
CVE-2026-31937 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31937 [HIGH] CVE-2026-31937 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31937 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 14 Severity HIGH Has Fix Added at: Apr 03, 2026
Echo Severity HIGH No Fix Added at:
Wiz
CVE-2026-31935 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31935 [HIGH] CVE-2026-31935 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31935 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added a
Wiz
CVE-2026-31932 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31932 [HIGH] CVE-2026-31932 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31932 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 14 Severity HIGH Has Fix Added at: Apr 03, 2026
Echo Severity HIG
Wiz
CVE-2026-31931 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31931 [HIGH] CVE-2026-31931 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31931 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 14 Severity HIGH Has Fix Added at: Apr 03, 2026
E
Wiz
CVE-2026-22260 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-22260 [HIGH] CVE-2026-22260 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22260 :
Suricata vulnerability analysis and mitigation
request-body-limit
response-body-limit
Source : NVD
## 7.5
Score
Published January 27, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
Alpine 3.23 Severity HIGH No Fix Added at: Jan 30, 2026
Debian 14 Severity HIGH Has Fix Added at: Jan 28, 2026
Homebrew Severity HIGH Has Fix Added at: Jan 30, 2026
Nix Severity HIGH Has Fix Added at: Jan 30, 2026
Linux Severity HIGH Has Fix Added at: Jan 28, 2026
Linux Severity HIGH Has Fix Added at:
Wiz
CVE-2026-22263 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-22263 [MEDIUM] CVE-2026-22263 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22263 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.
Source : NVD
## 5.3
Score
Published January 27, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
Alpine 3.23 Severity MEDIUM No Fix Added at: Jan 30, 2026
Debian 14 Severity MEDIUM Has Fix A
Wiz
CVE-2026-22259 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-22259 [HIGH] CVE-2026-22259 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22259 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).
Source : NVD
## 7.5
Score
Published January 27, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.1
Exploitation P
Wiz
CVE-2026-31934 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31934 [HIGH] CVE-2026-31934 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31934 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 14 Sever
Wiz
CVE-2026-22258 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-22258 [HIGH] CVE-2026-22258 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22258 :
Suricata vulnerability analysis and mitigation
stream.reassembly.depth
stream.reassembly.depth
Source : NVD
## 7.5
Score
Published January 27, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
suricata
cpe:2.3:a:oisf:suricata
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity HIGH No Fix Added at: Jan 31, 2026
Debian 11 Severity HIGH No Fix Added at: Jan 28, 2026
Debian 12 Severity MEDIUM No Fix Added at: Jan 28, 2026
Debian 13, 14 Severity HIGH Has Fix Added at: Jan 2
Wiz
CVE-2026-22261 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.7
CVE-2026-22261 [LOW] CVE-2026-22261 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22261 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.
Source : NVD
## 5.3
Score
Published January 27, 2026
Severity MEDIUM
CNA Score 3.7
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:oisf:suricata
suricata
Sources
Alpin
Wiz
CVE-2026-31933 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-31933 [HIGH] CVE-2026-31933 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31933 :
Suricata vulnerability analysis and mitigation
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
Source : NVD
## 7.5
Score
Published April 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Suricata
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:oisf:suricata
suricata
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 14 Severity HIGH Has Fix Added at: Apr 0
2026-04-02
Published