CVE-2026-22261

CVE-2026-22261

Name

CVE-2026-22261

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44
security-advisories@github.com	https://github.com/OISF/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc18667
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cf
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/8156

Type

URI

security-advisories@github.com

https://github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44

security-advisories@github.com

https://github.com/OISF/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc18667

security-advisories@github.com

https://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cf

security-advisories@github.com

https://redmine.openinfosecfoundation.org/issues/8156

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= None	< 7.0.14
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= None

< 7.0.14

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.2-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r1	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.7-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.23-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.2-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community