Description
Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` affects publicly accessible software that depends on those versions of Network: an attacker can exploit it to stall the Netty event loop, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260417.085727-30`. There are no known workarounds beyond updating the library.
Published: 2026-06-05
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cloudburst Network, used by Cloudburst projects, omits bounds checks in its connection handling, allowing an attacker to drive the underlying Netty event loop to stall. Once the event loop is stalled, network processing halts and the running service becomes inoperable, effectively denying service to legitimate users. This flaw is a form of resource exhaustion, classified under CWE-770, and directly impacts the availability of any application that relies on the vulnerable library.

Affected Systems

The vulnerability affects all systems that include CloudburstMC:Network versions older than 1.0.0.CR3-20260417.085727-30. Public‑facing applications built on earlier releases are susceptible, and any component that imports the affected library must be upgraded to the specified fixed build.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, and while no EPSS score is publicly available, the lack of exploitation evidence does not diminish the risk of a remote attack. The issue is not listed in the CISA KEV catalog, but its impact, a stalled event loop, can be triggered by an external actor through normal network traffic. The most probable attack vector is remote, delivered via crafted packets that trigger the missing bounds checks during RakNet connection establishment.

Generated by OpenCVE AI on June 5, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cloudburst Network to version 1.0.0.CR3-20260417.085727-30 or later.
  • Apply rate limiting or packet size limits on inbound RakNet traffic to mitigate resource exhaustion until the patch is applied.
  • Restart Netty services or the affected components when a stalled event loop is detected to temporarily restore service.
  • Monitor application logs for indications of stalls and apply proactive restarts or shutdowns of vulnerable components as needed.

History

Fri, 05 Jun 2026 17:30:00 +0000

Values added (no values removed):

  • Description: Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stall the Netty event loop, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260417.085727-30`. There are no known workarounds beyond updating the library.
  • Title: Cloudburst Network has DoS in RakNet connection handling due to missing bound checks
  • Weaknesses: CWE-770
  • References:
  • Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-05T16:51:12.133Z

Reserved: 2026-05-11T20:14:43.201Z

Link: CVE-2026-45290

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-05T18:17:26.343

Modified: 2026-06-05T19:02:13.790

Link: CVE-2026-45290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T19:15:03Z

Weaknesses