CVE-2026-49017

🗓️ 27 May 2026 01:57:58Reported by mitreType

OpenStack Swift s3 api infinite loop on truncated aws chunked PUT, exhausting proxy servers and causing denial of service; Swift 2.36.0.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2026-49017	27 May 202601:57	–	attackerkb
Circl	CVE-2026-49017	27 May 202603:00	–	circl
CNNVD	OpenStack Swift 安全漏洞	27 May 202600:00	–	cnnvd
Cvelist	CVE-2026-49017	27 May 202601:57	–	cvelist
Debian	[SECURITY] [DSA 6314-1] swift security update	31 May 202618:38	–	debian
Debian CVE	CVE-2026-49017	27 May 202601:57	–	debiancve
Tenable Nessus	Debian dsa-6314 : python3-swift - security update	1 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-49017	28 May 202600:00	–	nessus
EUVD	EUVD-2026-32040	27 May 202601:57	–	euvd
NVD	CVE-2026-49017	27 May 202602:16	–	nvd

Vulners

CNA

Node

openstack swiftRange2.36.0–2.36.2

openstack swiftRange2.37.0–2.37.2

openstack swiftRange2.35.1–2.35.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Swift",
    "repo": "https://opendev.org/openstack/swift",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "2.36.2",
        "status": "affected",
        "version": "2.36.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.37.2",
        "status": "affected",
        "version": "2.37.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.35.3",
        "status": "affected",
        "version": "2.35.1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
review	www.review.opendev.org/c/openstack/swift/+/987957
review	www.review.opendev.org/c/openstack/swift/+/988093
bugs	www.bugs.launchpad.net/bugs/2152205
openwall	www.openwall.com/lists/oss-security/2026/05/27/9
openwall	www.openwall.com/lists/oss-security/2026/06/02/6

02 Jun 2026 20:16Current

5.9Medium risk

Vulners AI Score5.9

CVSS 47.1

EPSS0.00268

SSVC

CWE-835