CVE-2026-35457 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: April 7, 2026
libp2p-rust - Denial of Service
Overview
libp2p-rust < 0.17.1 contains a denial of service caused by unbounded storage of pagination cookies in the rendezvous server, letting unauthenticated peers cause unbounded memory growth, exploit requires no authentication.
Severity & Score
Impact
Unauthenticated attackers can cause unbounded memory growth, leading to denial of service.
Mitigation
Update to version 0.17.1 or later.
Social Media Activity(2 posts)
š CVE-2026-35457 - High (8.2) libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbo... š https://www.thehackerwire.com/vulnerability/CVE-2026-35457/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-35457 - High (8.2) libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbo... š https://www.thehackerwire.com/vulnerability/CVE-2026-35457/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-35457
- Severity
- High
- CVSS Score
- 8.2
- Type
- denial_of_service
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-770
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H