Out-Of-Bounds Read Vulnerability in Tor Software by Tor Project
CVE-2026-44603

3.7 LOW

Key Information:

Vendor

Torproject

Status
Vendor
CVE Published:
7 May 2026

What is CVE-2026-44603?

An out-of-bounds read vulnerability exists in the Tor software and can be triggered by a malformed BEGIN cell. The flaw lets an attacker cause reads of memory beyond the allocated bounds, potentially leading to unintended behavior or information leakage. Users of Tor versions prior to 0.4.9.7 should update to the latest version to mitigate the risks related to this issue.

Affected Version(s)

Tor 0 < 0.4.9.7

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
