Platform: linux
Component: suricata
Fixed in: 7.0.16, 8.0.1
CVE-2026-31933 describes a performance vulnerability discovered in Suricata, a popular open-source network IDS, IPS, and NSM engine. A malicious actor can exploit this flaw by sending specially crafted network traffic, leading to significant slowdowns and impacting the overall performance of Suricata when operating in IDS mode. This vulnerability affects versions 8.0.0 and earlier, as well as versions before 8.0.4. The vulnerability has been resolved in Suricata 7.0.15 and 8.0.4.
The primary impact of CVE-2026-31933 is a denial-of-service (DoS) condition. An attacker can leverage this vulnerability to overwhelm Suricata with malicious traffic, causing it to consume excessive resources and significantly degrade its performance. This can lead to missed detections of legitimate threats, rendering the IDS ineffective. The performance degradation can impact network monitoring capabilities and potentially disrupt critical services relying on Suricata for security. While not a direct data breach, the disruption caused by this vulnerability can create opportunities for other attacks to succeed.
This vulnerability was publicly disclosed on April 2, 2026. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet available, but the relatively straightforward nature of the exploit suggests that PoCs may emerge in the near future.
Exploit Status
EPSS: 0.05% (16% percentile)
The recommended mitigation for CVE-2026-31933 is to immediately upgrade Suricata to version 7.0.15 or 8.0.4. If an immediate upgrade is not feasible due to compatibility concerns or testing requirements, consider implementing rate limiting on incoming traffic to Suricata to reduce the impact of malicious traffic. Monitor Suricata's resource utilization (CPU, memory) closely for signs of performance degradation. While a WAF or proxy cannot directly prevent this vulnerability, they can help mitigate the impact by filtering out suspicious traffic patterns. After upgrading, confirm the fix by sending a test payload designed to trigger the vulnerability and verifying that Suricata maintains normal performance.
Update Suricata to version 7.0.15 or 8.0.4, or a later version. This will resolve the quadratic complexity vulnerability in stream inspection.
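For the monitoring step above, the following added example (not part of the original advisory or of Suricata's own code) flags intervals in which the capture drop ratio spikes, a direct sign that the engine is falling behind and missing traffic. It assumes EVE stats logging is enabled and that the capture method reports the cumulative `capture.kernel_packets` and `capture.kernel_drops` counters; the 5% threshold and the sample records are constructed for illustration.

```python
import json

# Constructed sample eve.json records (cumulative counters), not real data.
SAMPLE_EVE = """\
{"timestamp":"2026-04-02T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":100000,"kernel_drops":10}}}
{"timestamp":"2026-04-02T10:00:01.000000+0000","event_type":"alert","alert":{"signature":"constructed"}}
{"timestamp":"2026-04-02T10:01:00.000000+0000","event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":200000,"kernel_drops":30}}}
{"timestamp":"2026-04-02T10:02:00.000000+0000","event_type":"stats","stats":{"uptime":180,"capture":{"kernel_packets":260000,"kernel_drops":24030}}}
{"timestamp":"2026-04-02T10:03:00.000000+0000","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":5000,"kernel_drops":0}}}
"""

def drop_intervals(lines):
    """Yield (timestamp, packets, drops, ratio) for each interval between stats records."""
    prev = None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a partially written line (e.g. during rotation)
        if ev.get("event_type") != "stats":
            continue
        stats = ev.get("stats", {})
        cap = stats.get("capture", {})
        cur = (stats.get("uptime", 0), cap.get("kernel_packets", 0), cap.get("kernel_drops", 0))
        # Counters are cumulative since start; a lower uptime means a restart,
        # so that interval is skipped instead of producing negative deltas.
        if prev is not None and cur[0] > prev[0]:
            pkts, drops = cur[1] - prev[1], cur[2] - prev[2]
            if pkts > 0:
                yield ev["timestamp"], pkts, drops, drops / pkts
        prev = cur

def degraded(lines, max_ratio=0.05):
    """Return the intervals whose drop ratio exceeds max_ratio (assumed threshold)."""
    return [r for r in drop_intervals(lines) if r[3] > max_ratio]

if __name__ == "__main__":
    for ts, pkts, drops, ratio in degraded(SAMPLE_EVE.splitlines()):
        print(f"{ts} dropped {drops}/{pkts} packets ({ratio:.1%})")
```

A sustained spike in this ratio without a matching rise in traffic volume is worth correlating with CPU usage on the worker threads.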
CVE-2026-31933 is a HIGH severity vulnerability affecting Suricata versions ≤ 8.0.0 and < 8.0.4. Specially crafted traffic can cause performance degradation in IDS mode, potentially leading to a denial-of-service.
You are affected if you are running Suricata versions 8.0.0 and earlier, or versions before 8.0.4. Check your Suricata version and upgrade accordingly.
Upgrade Suricata to version 7.0.15 or 8.0.4. If an immediate upgrade is not possible, consider rate limiting and monitoring resource utilization.
There is currently no evidence of active exploitation, but PoCs may emerge in the future.
Refer to the official Suricata security advisories on their website: [https://suricata.io/security-advisories/](https://suricata.io/security-advisories/)