Unrated severityOSV Advisory· Published Jan 27, 2026· Updated Jan 27, 2026
Suricata eve/alert: http1 xff handling can lead to denial of service
CVE-2026-22261
Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44mitrex_refsource_MISC
- github.com/OISF/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc18667mitrex_refsource_MISC
- github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cfmitrex_refsource_CONFIRM
- redmine.openinfosecfoundation.org/issues/8156mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.