CVE-2026-31933

HIGH

Suricata stream: quadratic complexity in stream inspection

Title source: cna

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.

References (2)

[X_Refsource_Confirm] https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp

[X_Refsource_Misc] https://redmine.openinfosecfoundation.org/issues/8272

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-407

Status published

Products (3)

oisf/suricata < 7.0.15

OISF/suricata < 7.0.15

OISF/suricata >= 8.0.0, < 8.0.4

Published Apr 02, 2026

Tracked Since Apr 02, 2026