Cyber Resilience

CVE-2026-31932

High · DDoS

Published: 02 April 2026

Modified: 07 April 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0027 (18.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-31932 is a high-severity Inefficient Algorithmic Complexity (CWE-407) vulnerability in OISF Suricata. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-31932 affects Suricata, an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine. The vulnerability stems from an inefficiency in KRB5 buffering that causes performance degradation. It impacts versions of Suricata prior to 7.0.15 and 8.0.4, and has been assigned CWE-407 (Inefficient Algorithmic Complexity) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. By sending crafted traffic that triggers the inefficient KRB5 buffering, attackers can induce significant performance degradation, leading to high availability impact such as denial-of-service on the affected Suricata instance. There is no impact on confidentiality or integrity.

Advisories recommend upgrading to Suricata versions 7.0.15 or 8.0.4, where the issue has been patched. Detailed information is available in the GitHub Security Advisory at https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr and the Open Information Security Foundation Redmine issue at https://redmine.openinfosecfoundation.org/issues/8305.

Vulnerability details

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
T1685 Disable or Modify Tools (Defense Impairment)
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

The CVE enables remote exploitation of Suricata (IDS/IPS) via crafted KRB5 traffic to trigger a performance DoS (availability impact only), directly supporting T1499.004 (application/system exploitation for endpoint DoS) and T1562.001 (disable/modify security tools by impairing the monitoring engine).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31933 · Same product: OISF Suricata
CVE-2026-31934 · Same product: OISF Suricata
CVE-2026-31937 · Same product: OISF Suricata
CVE-2026-31935 · Same product: OISF Suricata
CVE-2026-22264 · Same product: OISF Suricata
CVE-2026-22262 · Same product: OISF Suricata
CVE-2026-31931 · Same product: OISF Suricata
CVE-2024-55628 · Same product: OISF Suricata
CVE-2026-22259 · Same product: OISF Suricata
CVE-2026-22258 · Same product: OISF Suricata

Affected Assets

oisf
suricata
≤ 7.0.15 · 8.0.0 — 8.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

SI-2 mandates timely identification, reporting, and correction of software flaws, directly requiring patching of the KRB5 buffering inefficiency in vulnerable Suricata versions to prevent DoS exploitation.

prevent · detect

SC-5 implements denial-of-service detection and prevention mechanisms that limit harm from crafted traffic causing performance degradation in Suricata.

prevent

SC-6 ensures resource availability protections, including allocation procedures to mitigate resource exhaustion from the inefficient KRB5 buffering in Suricata.
