CVE-2026-42786 (GCVE-0-2026-42786)
Vulnerability from cvelistv5 – Published: 2026-05-01 20:34 – Updated: 2026-05-04 17:11
VLAI?
Title
WebSocket fragmented message reassembly unbounded in bandit
Summary
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.
The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends every incoming Continuation{fin: false} frame's payload to a per-connection iolist with no cumulative size cap. The existing max_frame_size option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting fin=1 grows BEAM heap linearly until the OS or a supervisor kills the process.
Because the accumulation happens before WebSock.handle_in/2 is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over WebSock on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.
This issue affects bandit: from 0.5.0 before 1.11.0.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-02T01:15:58.376139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-02T01:16:39.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Bandit.WebSocket.Connection\u0027"
],
"packageName": "bandit",
"packageURL": "pkg:hex/bandit",
"product": "bandit",
"programFiles": [
"lib/bandit/websocket/connection.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3"
}
],
"repo": "https://github.com/mtrudel/bandit",
"vendor": "mtrudel",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0.5.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Bandit.WebSocket.Connection\u0027"
],
"packageName": "mtrudel/bandit",
"packageURL": "pkg:github/mtrudel/bandit",
"product": "bandit",
"programFiles": [
"lib/bandit/websocket/connection.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3"
}
],
"repo": "https://github.com/mtrudel/bandit",
"vendor": "mtrudel",
"versions": [
{
"lessThan": "21612c7c7b1ce43eccd36d3af3a2299d23513667",
"status": "affected",
"version": "8909391f486d42138c5308410bc5ea49a65f4d46",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application must accept WebSocket connections. Applications that expose no WebSocket endpoints are not affected.\u003c/p\u003e"
}
],
"value": "The application must accept WebSocket connections. Applications that expose no WebSocket endpoints are not affected."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.0",
"versionStartIncluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Ullrich"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mat Trudel"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\u003cp\u003eThe fragment reassembly path in \u003ctt\u003e\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3\u003c/tt\u003e in \u003ctt\u003elib/bandit/websocket/connection.ex\u003c/tt\u003e appends every incoming \u003ctt\u003eContinuation{fin: false}\u003c/tt\u003e frame\u0027s payload to a per-connection iolist with no cumulative size cap. The existing \u003ctt\u003emax_frame_size\u003c/tt\u003e option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting \u003ctt\u003efin=1\u003c/tt\u003e grows BEAM heap linearly until the OS or a supervisor kills the process.\u003c/p\u003e\u003cp\u003eBecause the accumulation happens before \u003ctt\u003eWebSock.handle_in/2\u003c/tt\u003e is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over \u003ctt\u003eWebSock\u003c/tt\u003e on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.\u003c/p\u003e\u003cp\u003eThis issue affects bandit: from 0.5.0 before 1.11.0.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\n\nThe fragment reassembly path in \u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3 in lib/bandit/websocket/connection.ex appends every incoming Continuation{fin: false} frame\u0027s payload to a per-connection iolist with no cumulative size cap. The existing max_frame_size option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting fin=1 grows BEAM heap linearly until the OS or a supervisor kills the process.\n\nBecause the accumulation happens before WebSock.handle_in/2 is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over WebSock on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.\n\nThis issue affects bandit: from 0.5.0 before 1.11.0."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T17:11:36.814Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-42786.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-42786"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mtrudel/bandit/commit/21612c7c7b1ce43eccd36d3af3a2299d23513667"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WebSocket fragmented message reassembly unbounded in bandit",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-42786",
"datePublished": "2026-05-01T20:34:17.014Z",
"dateReserved": "2026-04-29T18:06:33.251Z",
"dateUpdated": "2026-05-04T17:11:36.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42786",
"date": "2026-05-05",
"epss": "0.00056",
"percentile": "0.17285"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42786\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-05-01T21:16:17.347\",\"lastModified\":\"2026-05-05T19:37:28.367\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\\n\\nThe fragment reassembly path in \u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3 in lib/bandit/websocket/connection.ex appends every incoming Continuation{fin: false} frame\u0027s payload to a per-connection iolist with no cumulative size cap. The existing max_frame_size option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting fin=1 grows BEAM heap linearly until the OS or a supervisor kills the process.\\n\\nBecause the accumulation happens before WebSock.handle_in/2 is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over WebSock on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.\\n\\nThis issue affects bandit: from 0.5.0 before 1.11.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-42786.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/mtrudel/bandit/commit/21612c7c7b1ce43eccd36d3af3a2299d23513667\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-42786\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42786\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-02T01:15:58.376139Z\"}}}], \"references\": [{\"url\": \"https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-02T01:16:34.837Z\"}}], \"cna\": {\"title\": \"WebSocket fragmented message reassembly unbounded in bandit\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Peter Ullrich\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Mat Trudel\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Jonatan M\\u00e4nnchen\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/mtrudel/bandit\", \"vendor\": \"mtrudel\", \"modules\": [\"\u0027Elixir.Bandit.WebSocket.Connection\u0027\"], \"product\": \"bandit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.5.0\", \"lessThan\": \"1.11.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:hex/bandit\", \"packageName\": \"bandit\", \"programFiles\": [\"lib/bandit/websocket/connection.ex\"], \"collectionURL\": \"https://repo.hex.pm\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3\"}]}, {\"cpes\": [\"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/mtrudel/bandit\", \"vendor\": \"mtrudel\", \"modules\": [\"\u0027Elixir.Bandit.WebSocket.Connection\u0027\"], \"product\": \"bandit\", \"versions\": [{\"status\": \"affected\", \"version\": \"8909391f486d42138c5308410bc5ea49a65f4d46\", \"lessThan\": \"21612c7c7b1ce43eccd36d3af3a2299d23513667\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/mtrudel/bandit\", \"packageName\": \"mtrudel/bandit\", \"programFiles\": [\"lib/bandit/websocket/connection.ex\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3\"}]}], \"references\": [{\"url\": \"https://github.com/mtrudel/bandit/security/advisories/GHSA-pf94-94m9-536p\", \"tags\": [\"vendor-advisory\", \"related\"]}, {\"url\": \"https://cna.erlef.org/cves/CVE-2026-42786.html\", \"tags\": [\"related\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-42786\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/mtrudel/bandit/commit/21612c7c7b1ce43eccd36d3af3a2299d23513667\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\\n\\nThe fragment reassembly path in \u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3 in lib/bandit/websocket/connection.ex appends every incoming Continuation{fin: false} frame\u0027s payload to a per-connection iolist with no cumulative size cap. The existing max_frame_size option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting fin=1 grows BEAM heap linearly until the OS or a supervisor kills the process.\\n\\nBecause the accumulation happens before WebSock.handle_in/2 is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over WebSock on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.\\n\\nThis issue affects bandit: from 0.5.0 before 1.11.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\u003cp\u003eThe fragment reassembly path in \u003ctt\u003e\u0027Elixir.Bandit.WebSocket.Connection\u0027:handle_frame/3\u003c/tt\u003e in \u003ctt\u003elib/bandit/websocket/connection.ex\u003c/tt\u003e appends every incoming \u003ctt\u003eContinuation{fin: false}\u003c/tt\u003e frame\u0027s payload to a per-connection iolist with no cumulative size cap. The existing \u003ctt\u003emax_frame_size\u003c/tt\u003e option only bounds individual frames; a peer that streams an unbounded number of continuation frames without ever setting \u003ctt\u003efin=1\u003c/tt\u003e grows BEAM heap linearly until the OS or a supervisor kills the process.\u003c/p\u003e\u003cp\u003eBecause the accumulation happens before \u003ctt\u003eWebSock.handle_in/2\u003c/tt\u003e is called, the application has no opportunity to interpose a size check. Phoenix Channels and LiveView both run over \u003ctt\u003eWebSock\u003c/tt\u003e on Bandit, so a stock Phoenix application exposes this surface as soon as it accepts socket connections.\u003c/p\u003e\u003cp\u003eThis issue affects bandit: from 0.5.0 before 1.11.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"The application must accept WebSocket connections. Applications that expose no WebSocket endpoints are not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe application must accept WebSocket connections. Applications that expose no WebSocket endpoints are not affected.\u003c/p\u003e\", \"base64\": false}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.11.0\", \"versionStartIncluding\": \"0.5.0\"}], \"operator\": \"OR\"}], \"operator\": \"AND\"}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-05-04T17:11:36.814Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42786\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T17:11:36.814Z\", \"dateReserved\": \"2026-04-29T18:06:33.251Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-05-01T20:34:17.014Z\", \"assignerShortName\": \"EEF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…