CVE-2025-70886

HIGH

Halo <2.22.4 - DoS

Title source: llm

Description

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint

Exploits (1)

nomisec WORKING POC

by HowieHz · poc

https://github.com/HowieHz/CVE-2025-70886

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/HowieHz/CVE-2025-70886

[Various Sources] https://howiehz.top/archives/halo-comment-payload-tweaker

[Issue Tracking] https://github.com/halo-dev/halo/issues/7890

Scores

CVSS v3 7.5

EPSS 0.0020

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (1)

halo/halo < 2.22.4

Published Feb 12, 2026

Tracked Since Feb 18, 2026