CVE-2026-44500 - Vulnerability Analysis
MediumCVSS: 5.3Last Updated: May 8, 2026
ZEBRA - Insecure Deserialization
Published: May 8, 2026Updated: May 8, 2026PoC AvailableRemote Exploitable
Overview
ZEBRA < 4.4.0, zebra-chain < 7.0.0, and zebra-network < 6.0.0 contain an insecure deserialization caused by improper buffer allocation in inbound deserialization paths, letting unauthenticated or post-handshake peers cause excessive memory allocation, exploit requires network access.
Severity & Score
Severity: Medium
CVSS Score: 5.3
Impact
Attackers can cause excessive memory allocation, potentially leading to denial of service by resource exhaustion.
Mitigation
Upgrade to zebrad 4.4.0, zebra-chain 7.0.0, and zebra-network 6.0.0 or later.
Related Resources
Details
- CVE ID
- CVE-2026-44500
- Severity
- Medium
- CVSS Score
- 5.3
- Type
- insecure_deserialization
- Status
- confirmed
CWE
- CWE-770
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L