Monero
CVE-2025-26819
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
AnalysisAI
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. Affected products include: Getmonero Monero. Version information: through 0.18.3.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as us
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attac
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . Rated high severity (CVSS 7.8), this vulnerability is low
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today