Cyber Resilience

CVE-2026-44601

LowUpdated

Published: 07 May 2026

Published
07 May 2026
Modified
17 June 2026
KEV Added
Patch
CVSS Score v3.1 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score 0.0034 25.6th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-44601 is a low-severity Improper Enforcement of a Single, Unique Action (CWE-837) vulnerability in Torproject Tor. Its CVSS base score is 3.7 (Low).

Operationally, ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-44602Same product: Torproject Tor
CVE-2022-33903Same product: Torproject Tor
CVE-2021-34550Same product: Torproject Tor
CVE-2026-44599Same product: Torproject Tor
CVE-2021-34548Same product: Torproject Tor
CVE-2026-44600Same product: Torproject Tor
CVE-2021-38385Same product: Torproject Tor
CVE-2026-44603Same product: Torproject Tor
CVE-2021-34549Same product: Torproject Tor
CVE-2026-44597Same product: Torproject Tor

Affected Assets

torproject
tor
≤ 0.4.9.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References