Description
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.
Published: 2026-01-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Performance Degradation
Action: Patch
AI Analysis

Impact

Suricata, a network intrusion detection and prevention system, contains a quadratic‑time inefficiency in its HTTP/1 header parsing logic. This flaw reflects CWE‑1050, representing an inefficient algorithm that results in unnecessary comparisons when processing many HTTP packets. The primary impact is a denial‑of‑service through CPU exhaustion; the flaw does not affect data confidentiality or integrity.

Affected Systems

The vulnerability affects the OISF Suricata product, specifically versions 8.0.0 through 8.0.2. Version 8.0.3 and later incorporate the fix, but earlier releases remain vulnerable. No other vendors or versions are listed. Administrators running Suricata in high-traffic environments should verify their installed version.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests low current exploitation probability. Based on the description, the likely attack vector is an adversary sending numerous HTTP requests over the public network interface, which would trigger the slow parsing loop and deplete CPU resources; the issue does not compromise confidentiality or integrity, only availability. The flaw is not currently listed in the CISA KEV catalog. Administrators should monitor for abnormal CPU usage and apply the 8.0.3 update promptly.

Generated by OpenCVE AI on April 18, 2026 at 18:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Suricata to version 8.0.3 or newer
  • Enable and enforce HTTP rate limiting on the network interface that feeds Suricata
  • Monitor Suricata CPU usage for sudden spikes, especially during HTTP bursts


Advisories

No advisories yet.

History

Thu, 29 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Oisf
Oisf suricata
Vendors & Products Oisf
Oisf suricata

Wed, 28 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 27 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
Description Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.
Title Suricata http1: quadratic complexity in headers parsing over multiple packets
Weaknesses CWE-1050
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-27T19:56:34.976Z

Reserved: 2026-01-07T05:19:12.923Z

Link: CVE-2026-22263

Vulnrichment

Updated: 2026-01-27T19:56:29.097Z

NVD

Status: Analyzed

Published: 2026-01-27T19:16:14.490

Modified: 2026-01-29T21:00:55.190

Link: CVE-2026-22263

Redhat

Severity: Moderate

Public Date: 2026-01-27T18:27:45Z

Links: CVE-2026-22263 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z