Unrated severityOSV Advisory· Published Jan 27, 2026· Updated Jan 27, 2026

Suricata http1: quadratic complexity in headers parsing over multiple packets

CVE-2026-22263

Description

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

Affected products

Oisf/SuricataOSV
Range: suricata-8.0.0, suricata-8.0.1, suricata-8.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428mitrex_refsource_MISC
github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7mitrex_refsource_CONFIRM
redmine.openinfosecfoundation.org/issues/8201mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000