What is the CVSS score of CVE-2026-22260?

CVE-2026-22260 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Suricata are affected by CVE-2026-22260?

Suricata versions 8.0.0 through 8.0.2 are vulnerable to denial-of-service attacks that can crash the network monitoring engine, potentially blinding security monitoring capabilities.. A patch is available.

Suricata CVE-2026-22260

HIGH

Uncontrolled Recursion (CWE-674)

2026-01-27 security-advisories@github.com

Denial Of Service Stack Overflow Suricata Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch released

Jan 29, 2026 - 21:03 nvd

Patch available

CVE Published

Jan 27, 2026 - 18:15 nvd

HIGH 7.5

DescriptionNVD

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit.

AnalysisAI

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with improperly configured body size limits. An unauthenticated remote attacker can trigger a denial of service by sending crafted requests that exceed the application's stack capacity. …

RemediationAI

Within 24 hours: Identify all Suricata instances running versions 8.0.0-8.0.2 and document their criticality and network location. Within 7 days: Apply vendor patch to upgrade Suricata to version 8.0.3 or later, prioritizing production IDS/IPS sensors. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-22260 vulnerability details – vuln.today

Back

Suricata CVE-2026-22260

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code