Description
UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users.
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Published: 2026-06-18
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in UBB.threads allows an authenticated attacker to trigger a denial of service by flooding the application with simultaneous requests to view user profiles. Each request forces the backend to perform a database query, and when many requests are served concurrently the database subsystem can run out of resources, bringing the site to a halt for legitimate users. The issue is confirmed on version 7.7.5, though the root cause might still be present in other releases.

Affected Systems

UBB Systems UBB.threads is vulnerable. Version 7.7.5 is confirmed to be affected; other releases have not been validated and may also be at risk.

Risk and Exploitability

The CVSS score of 7.1 places the condition in the high‑severity range. No EPSS score is published, and the flaw is not listed in the CISA KEV catalog, indicating no publicly confirmed exploitation yet. Because the attack requires authenticated access to profile views and hinges on high concurrency, an attacker would need to hold valid credentials or compromise a legitimate account. The denial‑of‑service impact can disrupt all application users if the database resources are consumed completely. The lack of a known public exploit suggests that a vulnerability‑specific exploit may not yet exist but could be constructed by a skilled attacker who can orchestrate many concurrent profile‑view requests.

Generated by OpenCVE AI on June 18, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched release of UBB.threads once one becomes available.
  • If an upgrade is not possible, apply rate limiting or disable the authenticated profile‑view feature for high‑traffic requests to reduce concurrent database queries.
  • Adjust database connection pool thresholds and enforce stricter timeouts to protect the database from exhaustion during peak loads.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Title | | Denial of Service in UBB.threads
Weaknesses | | CWE-405
References | |
Metrics | | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-18T13:09:59.369Z

Reserved: 2026-06-12T11:03:23.917Z

Link: CVE-2026-54224

Vulnrichment

Updated: 2026-06-18T13:09:37.341Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:45:16Z

Weaknesses
  • CWE-405: Asymmetric Resource Consumption (Amplification)