{"api_version":"1","generated_at":"2026-04-23T02:24:44+00:00","cve":"CVE-2026-31932","urls":{"html":"https://cve.report/CVE-2026-31932","api":"https://cve.report/api/cve/CVE-2026-31932.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31932","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31932"},"summary":{"title":"Suricata krb5: quadratic complexity in krb5 buffering","description":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-04-02 14:16:28","updated_at":"2026-04-07 18:29:05"},"problem_types":["CWE-407","CWE-407 CWE-407: Inefficient Algorithmic Complexity"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://redmine.openinfosecfoundation.org/issues/8305","name":"https://redmine.openinfosecfoundation.org/issues/8305","refsource":"security-advisories@github.com","tags":["Issue Tracking","Permissions Required"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr","name":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr","refsource":"security-advisories@github.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31932","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31932","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"OISF","product":"suricata","version":"affected < 7.0.15","platforms":[]},{"source":"CNA","vendor":"OISF","product":"suricata","version":"affected >= 8.0.0, < 8.0.4","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"31932","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oisf","cpe5":"suricata","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"31932","cve":"CVE-2026-31932","epss":"0.000400000","percentile":"0.120670000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-31932","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-02T18:33:08.564205Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-02T18:33:25.016Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"suricata","vendor":"OISF","versions":[{"status":"affected","version":"< 7.0.15"},{"status":"affected","version":">= 8.0.0, < 8.0.4"}]}],"descriptions":[{"lang":"en","value":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-407","description":"CWE-407: Inefficient Algorithmic Complexity","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T14:02:40.205Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr","tags":["x_refsource_CONFIRM"],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr"},{"name":"https://redmine.openinfosecfoundation.org/issues/8305","tags":["x_refsource_MISC"],"url":"https://redmine.openinfosecfoundation.org/issues/8305"}],"source":{"advisory":"GHSA-rp9m-jcpw-hggr","discovery":"UNKNOWN"},"title":"Suricata krb5: quadratic complexity in krb5 buffering"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-31932","datePublished":"2026-04-02T14:02:40.205Z","dateReserved":"2026-03-10T15:10:10.654Z","dateUpdated":"2026-04-02T18:33:25.016Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-02 14:16:28","lastModifiedDate":"2026-04-07 18:29:05","problem_types":["CWE-407","CWE-407 CWE-407: Inefficient Algorithmic Complexity"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.15","matchCriteriaId":"1E0D4CF4-11E0-4FB1-9C17-F38257D376ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.4","matchCriteriaId":"F35C5A48-CA30-43B3-9E53-D3E51C862604"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31932","Ordinal":"1","Title":"Suricata krb5: quadratic complexity in krb5 buffering","CVE":"CVE-2026-31932","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31932","Ordinal":"1","NoteData":"Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.","Type":"Description","Title":"Suricata krb5: quadratic complexity in krb5 buffering"}]}}}