EUVD-2026-36152

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

CVE-2026-46679 libp2p: Memory DoS via subscription flood of unique topics

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

CVE-2026-49840

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

PT-2026-47704

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chan ops.alloc buf and the chosen RX pool has a user data size smaller than 2 bytes, the segmentation counter stored ...

CVE-2026-44500

ZCV-64500: Allocation amplification in Zebra inbound deserializers affects Zebra nodes prior to 4.4.0 across zebrad, zebra-chain, and zebra-network. Inbound messages (headers, blocks, transactions) could be deserialized using generic transport or block-size ceilings, causing unauthenticated/post-...

SUSE CVE-2026-42285

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...

GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...

PT-2026-37259

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

CVE-2026-34069 nimiq-consensus panics via RequestMacroChain micro-block locator

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

GHSA-48M6-486P-9J8P nimiq-consensus panics via RequestMacroChain micro-block locator

Impact An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash not a macro block hash. In RequestMacroChain::handle, the handler selects t...

nimiq-consensus panics via RequestMacroChain micro-block locator

Impact An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash not a macro block hash. In RequestMacroChain::handle, the handler selects t...