CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428	Patch
https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7	Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/8201	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-27 19:16

Updated : 2026-01-29 21:00

NVD link : CVE-2026-22263

Mitre link : CVE-2026-22263

CVE.ORG link : CVE-2026-22263

JSON object : View

Products Affected

oisf

suricata

CWE

CWE-1050

Excessive Platform Resource Consumption within a Loop

NVD-CWE-noinfo

5.3 /10