Memory Exhaustion Vulnerability in libp2p Gossipsub Implementation by libp2p
CVE-2026-46679
7.5HIGH
What is CVE-2026-46679?
A memory exhaustion vulnerability exists in the gossipsub implementation of libp2p, where three concurrent oversights permit an unauthenticated single peer to deplete the Node.js heap of any gossipsub node utilizing default configurations. This flaw can lead to resource exhaustion, disrupting service availability. The issue has been resolved in version 15.0.23, and it is essential to upgrade to this version to ensure security and stability in your applications. For further details, refer to the official advisory.
Affected Version(s)
js-libp2p < 15.0.23
