CVE-2026-45290: CWE-770: Allocation of Resources Without Limits or Throttling in CloudburstMC Network
CVE-2026-45290 is a high-severity vulnerability in the CloudburstMC Network library versions prior to 1. 0. 0. CR3-20260417. 085727-30. It allows an attacker to stall the netty event loop by exploiting a resource allocation issue without limits or throttling, rendering the network component inoperable. This affects publicly accessible software using the vulnerable versions. The vulnerability does not impact confidentiality or integrity but causes a denial of service by impacting availability. The only known mitigation is upgrading to version 1. 0.
AI Analysis
Technical Summary
CloudburstMC Network versions before 1.0.0.CR3-20260417.085727-30 contain a CWE-770 vulnerability involving allocation of resources without limits or throttling. This flaw can be exploited remotely without authentication to stall the netty event loop, causing a denial of service by making the network component inoperable. The CVSS 3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability. Consumers of the library should upgrade to the fixed version to remediate this issue. No vendor advisory or patch link is provided, so patch status is not explicitly confirmed beyond the recommendation to upgrade.
Potential Impact
The vulnerability causes denial of service by stalling the netty event loop in affected CloudburstMC Network versions, impacting availability of the network component. There is no impact on confidentiality or integrity. Exploitation requires network access but no privileges or user interaction. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade all affected CloudburstMC Network library instances to version 1.0.0.CR3-20260417.085727-30 or later. There are no known workarounds or temporary fixes. Patch status is not explicitly confirmed via vendor advisory, so users should verify with the vendor for official remediation guidance.
CVE-2026-45290: CWE-770: Allocation of Resources Without Limits or Throttling in CloudburstMC Network
Description
CVE-2026-45290 is a high-severity vulnerability in the CloudburstMC Network library versions prior to 1. 0. 0. CR3-20260417. 085727-30. It allows an attacker to stall the netty event loop by exploiting a resource allocation issue without limits or throttling, rendering the network component inoperable. This affects publicly accessible software using the vulnerable versions. The vulnerability does not impact confidentiality or integrity but causes a denial of service by impacting availability. The only known mitigation is upgrading to version 1. 0.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CloudburstMC Network versions before 1.0.0.CR3-20260417.085727-30 contain a CWE-770 vulnerability involving allocation of resources without limits or throttling. This flaw can be exploited remotely without authentication to stall the netty event loop, causing a denial of service by making the network component inoperable. The CVSS 3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability. Consumers of the library should upgrade to the fixed version to remediate this issue. No vendor advisory or patch link is provided, so patch status is not explicitly confirmed beyond the recommendation to upgrade.
Potential Impact
The vulnerability causes denial of service by stalling the netty event loop in affected CloudburstMC Network versions, impacting availability of the network component. There is no impact on confidentiality or integrity. Exploitation requires network access but no privileges or user interaction. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade all affected CloudburstMC Network library instances to version 1.0.0.CR3-20260417.085727-30 or later. There are no known workarounds or temporary fixes. Patch status is not explicitly confirmed via vendor advisory, so users should verify with the vendor for official remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-11T20:14:43.201Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a230879e29bf47b509b6ded
Added to database: 6/5/2026, 5:33:45 PM
Last enriched: 6/5/2026, 5:48:38 PM
Last updated: 6/5/2026, 6:34:21 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.