Denial-of-Service Vulnerability in HashiCorp Memberlist
CVE-2026-14362
4.9MEDIUM
What is CVE-2026-14362?
The HashiCorp Memberlist library prior to version 0.6.0 is affected by a denial-of-service vulnerability. This issue arises from improper handling of state in its push/pull mechanism. An attacker with network access to the gossip port can exploit this flaw by sending malicious messages, which may lead to excessive memory consumption on the target node. As a result, this can cause the process to terminate unexpectedly, disrupting service availability. Upgrading to version 0.6.0 or later is recommended to mitigate this risk.
Affected Version(s)
Shared library 64 bit 0.1.5 < 0.6.0
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was reported to HashiCorp by Andy Gill of ZephrSec.