CVE-2026-50254
Published: 30 June 2026
Summary
CVE-2026-50254 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-40421
Vulnerability details
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator…
more
restarts it.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory leak (CWE-401) in a network service is directly exploited by remote unauthenticated requests to exhaust resources and terminate the process, matching Application or System Exploitation for Endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.