Denial-of-Service Vulnerability in rpcx by Smallnest
CVE-2026-59803
Key Information:
Badges
What is CVE-2026-59803?
The rpcx library, prior to version 1.9.3, is susceptible to a denial-of-service attack due to inadequate controls in the message decoding process. When handling messages with a compression flag, the payload is decompressed without restrictions on size, which can result in significant heap allocation, potentially exhausting memory resources. This vulnerability allows an unauthenticated user to send a small compressed payload that, when decompressed, can expand to an overwhelming size, leading to out-of-memory errors and disrupting service availability.
Affected Version(s)
rpcx 0 <= 1.9.3
rpcx 047aec18efa7d037105e2b72c36dd2ae05e1acc6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
