CVE-2026-31933
Received Received - Intake
Performance Degradation in Suricata IDS via Crafted Traffic

Publication date: 2026-04-02

Last updated on: 2026-04-07

Assigner: GitHub, Inc.

Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31933
EUVD
EUVD-2026-18241
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
oisf suricata to 7.0.15 (exc)
oisf suricata From 8.0.0 (inc) to 8.0.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-407 An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31933 is a vulnerability in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. The issue arises from quadratic complexity in stream inspection, meaning that specially crafted network traffic can trigger worst-case algorithmic behavior. This causes Suricata to significantly slow down when operating in IDS mode.

This vulnerability is classified under CWE-407 (Inefficient Algorithmic Complexity) and affects Suricata versions prior to 7.0.15 and 8.0.4.

Impact Analysis

The vulnerability can cause Suricata to slow down significantly when processing specially crafted network traffic. This degradation in performance affects the availability of the IDS functionality, potentially allowing malicious traffic to go undetected or delaying detection.

Since the attack vector is network-based with low complexity and requires no privileges or user interaction, an attacker can exploit this remotely to disrupt network monitoring and security operations.

Compliance Impact

This vulnerability in Suricata causes a significant degradation in performance (availability) when processing specially crafted network traffic in IDS mode. However, it does not impact confidentiality or integrity of data.

Since the vulnerability does not affect data confidentiality or integrity, but only availability, its direct impact on compliance with standards like GDPR or HIPAAβ€”which primarily focus on protecting personal data confidentiality and integrityβ€”is limited.

Nevertheless, reduced availability of Suricata's IDS functionality could indirectly affect an organization's ability to detect and respond to network threats, which may have compliance implications depending on the regulatory requirements for continuous monitoring and incident response.

Mitigation Strategies

The recommended immediate mitigation is to upgrade Suricata to version 7.0.15 or 8.0.4 or later, where this vulnerability has been patched.

No other workarounds or temporary fixes are available according to the provided information.

Detection Guidance

This vulnerability causes Suricata to slow down significantly when processing specially crafted network traffic in IDS mode due to quadratic complexity in stream inspection.

Detection can involve monitoring Suricata's performance metrics for unusual slowdowns or high resource usage during IDS operation, especially when processing network streams.

However, no specific detection commands or signatures are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31933. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart