Description
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (performance degradation)
Action: Immediate Patch
AI Analysis

Impact

A quadratic complexity issue exists in Suricata’s smtp/mine component when extracting URLs from MIME-encoded SMTP messages. The flaw can cause excessive CPU usage and memory consumption, leading to degraded performance or a denial of service on the affected system. The weakness is classified as CWE‑1333 (Excessive Computation) and CWE‑407 (Improper Resource Management).

Affected Systems

The issue affects the OISF Suricata product, specifically versions 8.0.0 through 8.0.3. Users running any of these releases should verify that their deployment is affected and plan to upgrade.

Risk and Exploitability

With a CVSS score of 7.5, the vulnerability is considered high severity. The EPSS score is below 1%, indicating low current exploit probability, and it is not listed in CISA’s KEV catalog. The likely attack vector is an attacker sending specially crafted SMTP MIME traffic to a Suricata instance, which could trigger the high‑complexity algorithm and drain resources.

Generated by OpenCVE AI on April 7, 2026 at 23:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by updating to Suricata version 8.0.4 or later
  • If an upgrade is not immediately possible, limit the volume of SMTP traffic processed by Suricata to reduce the impact of the quadratic operation
  • Monitor CPU and memory metrics for Suricata during periods of high SMTP traffic and consider temporarily disabling URL extraction if performance degrades

Generated by OpenCVE AI on April 7, 2026 at 23:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1333
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Oisf
Oisf suricata
Vendors & Products Oisf
Oisf suricata

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Description Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4.
Title Suricata smtp/mine: quadratic complexity in extracting urls
Weaknesses CWE-407
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oisf Suricata
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T15:00:49.250Z

Reserved: 2026-03-10T15:10:10.654Z

Link: CVE-2026-31934

cve-icon Vulnrichment

Updated: 2026-04-02T15:00:44.719Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T15:16:37.440

Modified: 2026-04-07T21:20:09.030

Link: CVE-2026-31934

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-02T14:21:08Z

Links: CVE-2026-31934 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:22Z

Weaknesses