CVE-2026-44603
LowUpdated
Published: 07 May 2026
Published
07 May 2026
Modified
17 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.0034
26.2th percentile
Summary
CVE-2026-44603 is a low-severity Off-by-one Error (CWE-193) vulnerability in Torproject Tor. Its CVSS base score is 3.7 (Low).
Operationally, ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-28306
Vulnerability details
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.Confidence: LOW · MITRE ATT&CK Enterprise v19.0
CVEs Like This One
CVE-2021-34550Same product: Torproject Tor
CVE-2026-44597Same product: Torproject Tor
CVE-2026-44602Same product: Torproject Tor
CVE-2022-33903Same product: Torproject Tor
CVE-2021-34548Same product: Torproject Tor
CVE-2021-34549Same product: Torproject Tor
CVE-2026-44601Same product: Torproject Tor
CVE-2021-38385Same product: Torproject Tor
CVE-2026-44599Same product: Torproject Tor
CVE-2026-44600Same product: Torproject Tor
Affected Assets
torproject
tor
≤ 0.4.9.7
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.