Home > Vulnerability Database > CVE-2026-22264

Mend.io Vulnerability Database

CVE-2026-22264

Good to know:

Date: January 27, 2026

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untrusted rulesets or run with less than 65536 signatures that can match on the same packet.

Severity Score

7.4

Related Resources (7)

Url: https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2

Url: https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m3m4-2hw5

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22264

Url: https://redmine.openinfosecfoundation.org/issues/8190

Url: https://github.com/OISF/suricata/commit/ac1eb394181530430fb7262969f423a1bf8f209b

Url: https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715

Url: https://www.mend.io/vulnerability-database/CVE-2026-22264

Severity Score

7.4

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version https://github.com/OISF/suricata.git - suricata-7.0.14;https://github.com/OISF/suricata.git - suricata-8.0.3

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22264

Good to know:

Date: January 27, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?