Unrestricted Storage Exhaustion Vulnerability in libp2p by Protocol Labs
CVE-2026-45783
7.5HIGH
What is CVE-2026-45783?
Prior to version 16.2.6, libp2p, a JavaScript implementation of the libp2p networking stack, is susceptible to a storage exhaustion issue. An unauthenticated remote peer can exploit this vulnerability by sending an endless stream of crafted PUT_VALUE messages, which bypass all content validation checks. This results in the node's datastore being filled to capacity, ultimately exhausting the host disk and rendering the node unavailable. There is no need for credentials or a prior relationship, making this vulnerability particularly concerning. The issue is addressed in version 16.2.6.
Affected Version(s)
js-libp2p < 16.2.6
