Memory Exhaustion Vulnerability in libp2p Networking Stack by libp2p-rust
CVE-2026-35405

7.5 HIGH

Key Information:

Vendor

Libp2p

CVE Published:
7 April 2026

What is CVE-2026-35405?

The libp2p-rust networking stack is susceptible to memory exhaustion because the libp2p-rendezvous server places no limit on the number of namespaces a peer can register. A malicious peer can register new namespaces continuously, and each registration causes further memory allocation on the server. Exploited extensively, or by multiple malicious peers at once, this depletes the server's resources and can crash it.
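The missing control can be shown with a simplified model. This is an added example, not code from rust-libp2p or from this advisory: the `Registrations` type, its method names and the cap of 8 are assumptions made for illustration, and peer ids and namespaces are plain strings.

```rust
use std::collections::{HashMap, HashSet};

// Constructed cap for illustration; not a value taken from rust-libp2p.
const MAX_NAMESPACES_PER_PEER: usize = 8;

#[derive(Debug, PartialEq)]
enum RegisterError {
    TooManyNamespaces,
}

// Hypothetical stand-in for a rendezvous registration table:
// peer id -> set of namespaces that peer has registered.
#[derive(Default)]
struct Registrations {
    by_peer: HashMap<String, HashSet<String>>,
}

impl Registrations {
    // Unbounded form: every new namespace is stored, so one peer can grow
    // the table for as long as it keeps sending fresh names.
    fn register_unbounded(&mut self, peer: &str, ns: &str) {
        self.by_peer.entry(peer.to_owned()).or_default().insert(ns.to_owned());
    }

    // Bounded form: refreshing a namespace the peer already holds is allowed,
    // a new namespace is refused once the peer is at the cap.
    fn register_bounded(&mut self, peer: &str, ns: &str) -> Result<(), RegisterError> {
        let held = self.by_peer.entry(peer.to_owned()).or_default();
        if !held.contains(ns) && held.len() >= MAX_NAMESPACES_PER_PEER {
            return Err(RegisterError::TooManyNamespaces);
        }
        held.insert(ns.to_owned());
        Ok(())
    }

    fn count(&self, peer: &str) -> usize {
        self.by_peer.get(peer).map_or(0, |s| s.len())
    }
}

fn main() {
    let (mut open, mut capped) = (Registrations::default(), Registrations::default());
    let mut refused = 0;
    for i in 0..1000 {
        let ns = format!("ns-{}", i); // constructed sample namespaces
        open.register_unbounded("peer-a", &ns);
        if capped.register_bounded("peer-a", &ns).is_err() { refused += 1; }
    }
    println!("unbounded: {} stored", open.count("peer-a"));
    println!("bounded:   {} stored, {} refused", capped.count("peer-a"), refused);
}
```

A per-peer cap bounds what each peer can hold; total memory still grows with the number of registering peers, which is the multiple-peer case the description mentions.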

Affected Version(s)

rust-libp2p < 0.17.1

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
