Out-of-order queue mishandling in Tor software by The Tor Project
CVE-2026-44600

3.7LOW

Key Information:

Vendor: Torproject
Status: Tor
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-44600?

An issue in Tor prior to version 0.4.9.7 arises from improper handling of accounting for the conflux out-of-order queue during its clearing process. This vulnerability could potentially lead to unexpected behavior in the network's queue operations, affecting performance and security features. Users are encouraged to update to the latest version to mitigate possible risks associated with this vulnerability.

Affected Version(s)

Tor 0 < 0.4.9.7

References

https://forum.torproject.org/c/news/tor-release-announcem...

https://www.openwall.com/lists/oss-security/2026/05/06/8

https://gitlab.torproject.org/tpo/core/tor/-/work_items/4...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44600 Data

JSON

Torproject

What is CVE-2026-44600?

Affected Version(s)

References

CVSS V3.1

Timeline