Description
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
Published: 2026-05-07
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tor before 0.4.9.7 has a flaw that allows a peer to attempt or accept a BEGIN_DIR command over a conflux leg. The vulnerability means a malicious node can send a BEGIN_DIR not normally allowed in that context, potentially leading to the vulnerable Tor instance parsing directory data it should not. The flaw is cataloged as CWE-669, indicating a permission or access control issue. The official description does not state any specific confidentiality, integrity, or availability consequences beyond the fact that BEGIN_DIR handling is performed improperly.

Affected Systems

Any Tor installation with a version earlier than 0.4.9.7 is susceptible. Users running those releases expose their nodes to network traffic from other Tor peers and the public internet, which could contain malicious BEGIN_DIR attempts.

Risk and Exploitability

The CVSS score of 3.7 classifies this as a low‑severity problem. No EPSS score is available, and the vulnerability is not listed in CISA KEV. The likely attack vector is remote: an adversary must be able to communicate with the vulnerable node over the Tor network or provide traffic that can be interpreted as a conflux leg. Because the description lacks detail on exploitation conditions, the exact impact remains uncertain beyond the improper handling of BEGIN_DIR.

Generated by OpenCVE AI on May 7, 2026 at 04:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Tor software to 0.4.9.7 or a later release that includes the fix referenced in commit 50f90ba8490.
  • Configure the Tor daemon or firewall rules to limit which peers can send directory commands, such as using ExcludeNodes or restricting inbound connections to known, trusted nodes.
  • Monitor Tor logs for unexpected BEGIN_DIR activity; investigate and isolate any node exhibiting anomalous directory request patterns.

Generated by OpenCVE AI on May 7, 2026 at 04:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 07 May 2026 05:15:00 +0000

Type Values Removed Values Added
Title Tor Conflux Leg Vulnerability Allowing Unauthorized BEGIN_DIR Handling

Thu, 07 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
First Time appeared Torproject
Torproject tor
Weaknesses CWE-669
CPEs cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
Vendors & Products Torproject
Torproject tor
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Torproject Tor
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-07T12:48:40.800Z

Reserved: 2026-05-07T02:11:55.866Z

Link: CVE-2026-44599

cve-icon Vulnrichment

Updated: 2026-05-07T12:47:35.446Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-07T03:16:07.327

Modified: 2026-05-07T17:31:37.787

Link: CVE-2026-44599

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T05:00:12Z

Weaknesses