Skip to main content

Trellix HX EUVDEUVD-2026-43670

| CVE-2026-12588 MEDIUM
Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
2026-07-14 trellixpsirt@trellix.com GHSA-h467-wgwr-q697
6.0
CVSS 4.0 · Vendor: trellix
Share

Severity by source

Vendor (trellix) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

AV:N as attack is delivered over the network to the HX console; PR:L because authentication is required; AC:H for specialized payload construction; A:H for full DoS; no C or I impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (trellix).

CVSS VectorVendor: trellix

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 14, 2026 - 13:35 vuln.today

DescriptionCVE.org

An attacker with access to an HX 10.0.0  and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consumes an excessive amount of system resources thus causing a Denial of Service.

AnalysisAI

Denial of Service in Trellix HX (versions 10.0.0 and earlier) allows an authenticated network attacker to exhaust appliance resources by submitting a specially crafted highly-compressed file to the HX console, triggering the product's own detection engine to perform runaway decompression. The impact is limited to availability - the EDR appliance becomes unresponsive - but disruption of an endpoint detection and response platform carries secondary operational risk by creating a monitoring blind spot. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege HX console credentials
Delivery
Craft decompression bomb payload targeting HX detection pipeline
Exploit
Submit crafted data to HX console interface
Execution
HX detection engine triggers uncontrolled decompression
Persist
Appliance CPU and memory exhausted
Impact
EDR platform becomes unavailable

Vulnerability AssessmentAI

Exploitation Exploitation requires authenticated network access to the Trellix HX console with at least low-privilege credentials, as confirmed by PR:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 (Medium) accurately characterizes a constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege authenticated access to the Trellix HX console - through credential theft, insider access, or lateral movement - crafts a specially constructed decompression bomb archive and submits it to the HX detection interface. The HX detection engine processes the submission and triggers automatic decompression of the payload, rapidly exhausting CPU and memory on the appliance. …
Remediation The primary remediation is to apply the vendor-released update referenced in the Trellix PSIRT advisory at https://support.trellix.com/s/article/000015595. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43670 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy