CWE-407

Low likelihood

Inefficient Algorithmic Complexity

Parent: CWE-405 - Asymmetric Resource Consumption (Amplification)

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

90 vulnerabilities with CWE-407
CVE-2026-45664 MEDIUM
ImageMagick: Policy Bypass in MNG coder could
CVSS 5.3
CVE-2026-41850 HIGH
Spring Framework Algorithmic Denial of Service via SpEL Expressions
CVSS 7.5
CVE-2026-11312 LOW
bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
CVSS 3.3
CVE-2026-8889 HIGH
Securly Chrome Extension < 3.0.7 - Weak Hashing via SHA-1
CVSS 7.5
CVE-2026-3276 MEDIUM
Python Software Foundation CPython - Potential DoS via Quadratic Complexity in unicodedata.normalize()
CVE-2026-42504 HIGH
Quadratic complexity in WordDecoder.DecodeHeader in mime
CVSS 7.5
CVE-2026-8594 MEDIUM
Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters
CVSS 6.2
CVE-2026-44378 HIGH
Botan: Quadratic complexity decoding BER indefinite length encodings
CVSS 7.5
CVE-2026-48959 HIGH
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
CVSS 7.5
CVE-2026-44390 MEDIUM
Unbounded name compression in certain cases causes degradation of service
CVSS 5.3
CVE-2026-42923 MEDIUM
NLnet Labs Unbound - Degradation of Service with Unbounded NSEC3 Hash Calculations
CVSS 5.3
CVE-2026-41292 HIGH
Unbound <= 1.25.0 - Denial of Service via EDNS Option Parsing
CVSS 7.5
CVE-2026-42304 HIGH
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
CVSS 7.5
CVE-2026-45186 LOW
libexpat < 2.8.1 - Denial of Service via Attribute Name Collision Checks
CVSS 2.9
CVE-2026-42245 HIGH
net-imap: Quadratic complexity when reading response literals
CVSS 7.5
CVE-2026-43967 HIGH
Quadratic fragment-name uniqueness check causes denial of service in absinthe
CVSS 7.5
CVE-2026-40476 HIGH
graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
CVSS 7.5
CVE-2026-40164 HIGH
jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
CVSS 7.5
CVE-2026-35599 MEDIUM
Vikunja <2.3.0 Repeating Task Handler - Denial of Service
CVSS 6.5
CVE-2026-6042 LOW
musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity
CVSS 3.3
CVE-2026-33033 MEDIUM
Django < 6.0.4, 5.2.13, 4.2.30 - MultiPartParser Base64 Upload Denial of Service
CVSS 6.5
CVE-2026-34827 HIGH
Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser
CVSS 7.5
CVE-2026-34230 MEDIUM
Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
CVSS 5.3
CVE-2026-31937 HIGH
Suricata dcerpc: quadratic complexity in dcerpc buffering
CVSS 7.5
CVE-2026-31934 HIGH
Suricata smtp/mime: quadratic complexity in extracting urls
CVSS 7.5