CVE-2025-26819

Name
CVE-2025-26819
Description
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d

Match rules

CPE URI Source package Min version Max version
monero >= 0 < ec74ff4a3d3ca38b7912af680209a45fd1701c3d
cpe:2.3:a:getmonero:monero:*:*:*:*:*:*:*:* monero >= None <= 0.18.3.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
monero edge-community 0.18.3.4-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable
monero edge-community 0.18.3.4-r1 André Klitzing <aklitzing@gmail.com> possibly vulnerable
monero edge-community 0.18.3.4-r0 André Klitzing <aklitzing@gmail.com> possibly vulnerable
monero edge-community 0.18.3.3-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable
monero 3.22-community 0.18.3.4-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable
monero 3.22-community 0.18.3.3-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable