Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N as attack is delivered over the network to the HX console; PR:L because authentication is required; AC:H for specialized payload construction; A:H for full DoS; no C or I impact.
Primary rating from Vendor (trellix).
CVSS VectorVendor: trellix
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consumes an excessive amount of system resources thus causing a Denial of Service.
AnalysisAI
Denial of Service in Trellix HX (versions 10.0.0 and earlier) allows an authenticated network attacker to exhaust appliance resources by submitting a specially crafted highly-compressed file to the HX console, triggering the product's own detection engine to perform runaway decompression. The impact is limited to availability - the EDR appliance becomes unresponsive - but disruption of an endpoint detection and response platform carries secondary operational risk by creating a monitoring blind spot. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires authenticated network access to the Trellix HX console with at least low-privilege credentials, as confirmed by PR:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.0 (Medium) accurately characterizes a constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege authenticated access to the Trellix HX console - through credential theft, insider access, or lateral movement - crafts a specially constructed decompression bomb archive and submits it to the HX detection interface. The HX detection engine processes the submission and triggers automatic decompression of the payload, rapidly exhausting CPU and memory on the appliance. … |
| Remediation | The primary remediation is to apply the vendor-released update referenced in the Trellix PSIRT advisory at https://support.trellix.com/s/article/000015595. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43670
GHSA-h467-wgwr-q697