Threats Tagged 'cve-2026-40303'
View all threats tagged with 'cve-2026-40303'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40303'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-40303: CWE-400: Uncontrolled Resource Consumption in openziti zrokCVE-2026-40303 0 zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger gigabyte-scale heap allocations per request, leading to process-level OOM termination or repeated goroutine panics. Both publicProxy and dynamicProxy are affected. Version 2.0.1 patches the issue. Join the discussion | CVE Database V5 | 04/17/2026, 21:01:51 UTC Added: 04/17/2026, 21:08:06 UTC |
Showing 1 to 1 of 1 result