Platform: linux
Component: suricata
Fixed in: 7.0.16, 8.0.1
CVE-2026-31935 affects Suricata versions less than or equal to 8.0.0 and versions prior to 8.0.4. This vulnerability allows an attacker to trigger memory exhaustion by flooding the Suricata process with crafted HTTP2 continuation frames, potentially leading to a denial of service. The issue is resolved in versions 7.0.15 and 8.0.4, and users are strongly advised to upgrade.
The primary impact of CVE-2026-31935 is a denial of service (DoS). An attacker can exploit this vulnerability by sending a flood of specially crafted HTTP2 continuation frames to the Suricata process. This excessive traffic consumes memory resources, eventually leading to the Suricata process being terminated by the operating system. The blast radius is limited to the Suricata instance itself, but disruption of network monitoring and intrusion detection capabilities can have significant consequences. This vulnerability highlights the importance of robust HTTP2 parsing and memory management within network security tools.
This CVE was published on 2026-04-02. There is no indication of active exploitation or KEV listing at the time of writing. Public proof-of-concept exploits are not currently available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The CVSS score of 7.5 (High) indicates a significant potential for exploitation.
Exploit Status
EPSS: 0.05% (16% percentile)
The recommended mitigation is to upgrade Suricata to version 7.0.15 or 8.0.4. If immediate upgrade is not possible, consider implementing rate limiting on HTTP2 connections to the Suricata instance to reduce the potential for memory exhaustion. While not a complete fix, this can provide a temporary layer of protection. Review Suricata configuration to ensure optimal memory allocation and resource usage. Monitor Suricata process resource consumption (CPU, memory) for unusual spikes.
Update Suricata to version 7.0.15 or 8.0.4, or a later version. This will correct the excessive resource consumption vulnerability caused by flooding HTTP2 continuation frames.
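The check below is an added example, not code from the Suricata project or from this advisory: it classifies a `suricata -V` banner against the fixed releases named in the text above (7.0.15 and 8.0.4) and flags sustained RSS growth in samples read from `/proc/<pid>/status`. The function names, the window and growth thresholds, and the sample values are assumptions made for illustration.

```python
import re

# Fixed releases per the advisory text above, one entry per release branch.
FIXED = {(7, 0): (7, 0, 15), (8, 0): (8, 0, 4)}

def parse_version(banner):
    """Extract (major, minor, patch) from `suricata -V` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(banner):
    """True if the version is at or past the fixed release of its branch.
    Assumption: branches older than 7.0 have no fix listed here, so they count
    as affected; branches newer than 8.0 count as patched."""
    v = parse_version(banner)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return v[:2] > max(FIXED)
    return v >= fixed

def parse_rss_kib(status_text):
    """Read VmRSS (KiB) from the text of /proc/<pid>/status."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB", status_text, re.M)
    if not m:
        raise ValueError("VmRSS not present")
    return int(m.group(1))

def rss_alarm(samples_kib, window=5, growth=1.5):
    """Flag sustained growth: RSS never drops across the last `window` samples
    and ends at least `growth` times where the window started."""
    if len(samples_kib) < window:
        return False
    w = samples_kib[-window:]
    rising = all(b >= a for a, b in zip(w, w[1:]))
    return rising and w[-1] >= growth * w[0]

if __name__ == "__main__":
    # Constructed sample data, not captured from a real sensor.
    banner = "This is Suricata version 7.0.10 RELEASE"
    print("patched:", is_patched(banner))
    status = "Name:\tSuricata-Main\nVmRSS:\t  812344 kB\n"
    samples = [parse_rss_kib(status), 900000, 1050000, 1200000, 1400000]
    print("rss alarm:", rss_alarm(samples))
```

On a live sensor, feed `rss_alarm` one sample per polling interval taken from the Suricata PID's `/proc/<pid>/status`, and tune `window` and `growth` against the process's normal startup growth.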
CVE-2026-31935 is a HIGH severity vulnerability affecting Suricata versions ≤ 8.0.0 and < 8.0.4. It allows attackers to cause memory exhaustion through crafted HTTP2 frames, potentially leading to a denial of service.
Yes, if you are running Suricata versions less than or equal to 8.0.0 or versions prior to 8.0.4, you are affected by this vulnerability. Check your Suricata version and upgrade accordingly.
Upgrade Suricata to version 7.0.15 or 8.0.4. As a temporary workaround, implement rate limiting on HTTP2 connections to the Suricata instance.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is developed.
Refer to the official Suricata security advisories on their website for detailed information and updates regarding CVE-2026-31935.