Denial of Service Vulnerability in Open Source Social Network Software
CVE-2026-41309

8.2 HIGH

What is CVE-2026-41309?

The Open Source Social Network (OSSN) software prior to version 9.0 is susceptible to a vulnerability in its image upload functionality. By submitting an image with excessively large pixel dimensions, such as 10,000 x 10,000 pixels, an attacker can drive memory and CPU usage on the server high enough to cause a Denial of Service (DoS). The compressed image file itself may be small; the cost arises when the server decompresses it into a raw bitmap and resizes it, which can overwhelm its worker processes. Upgrading to OSSN version 9.0, which adds tighter validation of image dimensions and improved resource management, is advisable. For immediate mitigation, administrators can set strict limits on memory_limit and max_execution_time in php.ini and add checks that reject images exceeding reasonable pixel dimensions before any decoding takes place.
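The pre-decode dimension check described above, written as an added example (this is not OSSN's own code); the per-side and total-pixel limits are assumed policy values, and the memory estimate assumes GD's truecolor bitmaps:

```php
<?php
// Added example (not OSSN's own code): reject oversized images before decoding.
// Assumes PHP has already stored the upload at a temp path ($_FILES[...]['tmp_name']).
const MAX_IMAGE_SIDE   = 4096;          // per-side limit, a policy value assumed here
const MAX_IMAGE_PIXELS = 4096 * 4096;   // total pixel budget, also assumed

/**
 * Return null if the file is safe to decode, otherwise a rejection reason.
 * getimagesize() only parses the header (PNG IHDR / JPEG SOF), so it reports the
 * dimensions the decoder would allocate for without allocating them itself.
 */
function check_image_dimensions(string $path): ?string
{
    $info = @getimagesize($path);
    if ($info === false) {
        return 'not a recognised image';
    }
    [$width, $height] = $info;
    if ($width > MAX_IMAGE_SIDE || $height > MAX_IMAGE_SIDE) {
        return "{$width}x{$height} exceeds the " . MAX_IMAGE_SIDE . ' pixel side limit';
    }
    if ($width * $height > MAX_IMAGE_PIXELS) {
        return ($width * $height) . ' pixels exceeds the ' . MAX_IMAGE_PIXELS . ' pixel budget';
    }
    // GD keeps a truecolor bitmap at about 4 bytes per pixel; a resize needs a
    // second buffer, so check that twice that fits in what memory_limit leaves.
    $needed = $width * $height * 4 * 2;
    $limit  = memory_limit_bytes((string) ini_get('memory_limit'));
    if ($limit > 0 && $needed > $limit - memory_get_usage(true)) {
        return "decoding needs ~{$needed} bytes, more than memory_limit leaves";
    }
    return null;
}

/** Convert a php.ini shorthand such as "128M" to bytes; -1 (unlimited) stays -1. */
function memory_limit_bytes(string $value): int
{
    $value = trim($value);
    $num   = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': return $num * 1024 ** 3;
        case 'M': return $num * 1024 ** 2;
        case 'K': return $num * 1024;
        default:  return $num;
    }
}
```

Call check_image_dimensions() on the uploaded temp file before any imagecreatefrom*() call and reject the request (for example with HTTP 413) when it returns a reason; a 10,000 x 10,000 upload is refused here from its header alone, without the 400 MB decode that would otherwise follow.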

Affected Version(s)

opensource-socialnetwork < 9.0

References

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved