Description
Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the parent netty channel, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260418.124334-32`. There are no known workarounds beyond updating the library.
Published: 2026-06-05
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug in Cloudburst Network causes the parent Netty channel to be closed when an attacker sends an invalid connection request. The error handling in the library misinterprets the malformed data, terminating the channel and rendering the affected application inoperable. This results in a denial of service for users of software that relies on the compromised library.

Affected Systems

The vulnerability affects all releases of CloudburstMC:Network before version 1.0.0.CR3-20260418.124334-32. Systems built on these versions—including any Cloudburst project that imports the Network library—are potentially exposed. Upgrade to the specified version or later to eliminate the issue.

Risk and Exploitability

With a CVSS score of 7.5, the flaw is considered high risk. Exploitation requires only the ability to establish a network connection to the vulnerable component, so the attack vector is remote. No mitigation exists other than replacing the library. The vulnerability is not listed in CISA’s KEV catalog, and the lack of an EPSS value does not imply low threat. Administrators should treat the problem as an urgent security issue.

Generated by OpenCVE AI on June 5, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the Cloudburst Network library with version 1.0.0.CR3-20260418.124334-32 or newer.
  • Rebuild and redeploy the application using the updated dependency.
  • As a temporary precaution, block or rate‑limit invalid connections at the network perimeter or by adding input validation logic to prevent malformed messages from reaching the library.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the parent netty channel, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260418.124334-32`. There are no known workarounds beyond updating the library.
Title | | Cloudburst Network erroneously handles invalid connections
Weaknesses | | CWE-20
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-05T16:52:44.025Z

Reserved: 2026-05-11T20:14:43.201Z

Link: CVE-2026-45291

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-05T18:17:26.797

Modified: 2026-06-05T19:02:13.790

Link: CVE-2026-45291

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T19:15:03Z

Weaknesses