Cyber Posture

CVE-2026-30350

High

Published: 27 April 2026

Published
27 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0002 4.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30350 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-5 Denial-of-service Protection good match
prevent

Directly implements denial-of-service protections at system entry points to block crafted POST requests causing resource exhaustion on the /store/items/search endpoint.

SC-6 Resource Availability good match
prevent

Protects resource availability by bounding resources allocated to requests and terminating processes that consume excessive resources, mitigating the uncontrolled consumption triggered by the CVE.

SI-10 Information Input Validation partial match
prevent

Validates information inputs to the vulnerable endpoint to reject crafted POST requests that could lead to resource exhaustion.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Remote unauthenticated DoS via crafted request to public server endpoint directly enables T1190 (exploit public-facing application) for impact and T1499.004 (application/system exploitation) via resource exhaustion (CWE-400).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Deeper analysisAI

CVE-2026-30350 is a vulnerability in the Agent Protocol server at commit e9a89f, affecting the /store/items/search endpoint. The issue enables attackers to trigger a Denial of Service (DoS) condition by sending a crafted POST request. It is classified under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

The vulnerability can be exploited remotely over the network by any unauthenticated attacker with low attack complexity and no need for user interaction. By crafting and submitting a malicious POST request to the vulnerable endpoint, the attacker can consume excessive resources on the server, leading to a DoS that disrupts service availability without affecting confidentiality or integrity.

Advisories and additional details are provided in the following references: https://gist.github.com/syphonetic/d27b5965c884555acea1827988689f7d and https://github.com/ibbybuilds/aegra/tree/main.

Details

CWE(s)
CWE-400

CVEs Like This One

CVE-2025-24269Shared CWE-400
CVE-2025-65890Shared CWE-400
CVE-2025-27669Shared CWE-400
CVE-2024-54730Shared CWE-400
CVE-2025-9282Shared CWE-400
CVE-2025-70886Shared CWE-400
CVE-2025-20058Shared CWE-400
CVE-2025-21547Shared CWE-400
CVE-2026-39304Shared CWE-400
CVE-2025-56424Shared CWE-400

References