Directory Connection Vulnerability in Tor Software by Tor Project
CVE-2026-44599

3.7LOW

Key Information:

Vendor: Torproject
Status: Tor
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-44599?

The Tor software prior to version 0.4.9.7 is susceptible to a directory connection vulnerability that may allow attackers to initiate or accept BEGIN_DIR requests through conflux legs. This vulnerability could potentially impact the integrity and confidentiality of Tor connections, emphasizing the need for users to upgrade to the latest version for improved security measures.

Affected Version(s)

Tor 0 < 0.4.9.7

References

https://forum.torproject.org/c/news/tor-release-announcem...

https://www.openwall.com/lists/oss-security/2026/05/06/8

https://gitlab.torproject.org/tpo/core/tor/-/work_items/4...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44599 Data

JSON

Torproject

What is CVE-2026-44599?

Affected Version(s)

References

CVSS V3.1

Timeline