{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-22263","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-01-07T05:19:12.923Z","datePublished":"2026-01-27T18:27:45.351Z","dateUpdated":"2026-01-27T19:56:34.976Z"},"containers":{"cna":{"title":"Suricata http1: quadratic complexity in headers parsing over multiple packets","problemTypes":[{"descriptions":[{"cweId":"CWE-1050","lang":"en","description":"CWE-1050: Excessive Platform Resource Consumption within a Loop","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7","tags":["x_refsource_CONFIRM"],"url":"https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7"},{"name":"https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428","tags":["x_refsource_MISC"],"url":"https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428"},{"name":"https://redmine.openinfosecfoundation.org/issues/8201","tags":["x_refsource_MISC"],"url":"https://redmine.openinfosecfoundation.org/issues/8201"}],"affected":[{"vendor":"OISF","product":"suricata","versions":[{"version":">= 8.0.0, < 8.0.3","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-01-27T18:27:45.351Z"},"descriptions":[{"lang":"en","value":"Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available."}],"source":{"advisory":"GHSA-rwc5-hxj6-hwx7","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-27T19:52:05.707993Z","id":"CVE-2026-22263","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-27T19:56:34.976Z"}}]}}