CVE-2026-31933
Performance Degradation in Suricata IDS via Crafted Traffic
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | suricata | to 7.0.15 (exc) |
| oisf | suricata | From 8.0.0 (inc) to 8.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to upgrade Suricata to version 7.0.15 or 8.0.4 or later, where this vulnerability has been patched.
No other workarounds or temporary fixes are available according to the provided information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability in Suricata causes a significant degradation in performance (availability) when processing specially crafted network traffic in IDS mode. However, it does not impact confidentiality or integrity of data.
Since the vulnerability does not affect data confidentiality or integrity, but only availability, its direct impact on compliance with standards like GDPR or HIPAAβwhich primarily focus on protecting personal data confidentiality and integrityβis limited.
Nevertheless, reduced availability of Suricata's IDS functionality could indirectly affect an organization's ability to detect and respond to network threats, which may have compliance implications depending on the regulatory requirements for continuous monitoring and incident response.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes Suricata to slow down significantly when processing specially crafted network traffic in IDS mode due to quadratic complexity in stream inspection.
Detection can involve monitoring Suricata's performance metrics for unusual slowdowns or high resource usage during IDS operation, especially when processing network streams.
However, no specific detection commands or signatures are provided in the available information.
Can you explain this vulnerability to me?
CVE-2026-31933 is a vulnerability in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. The issue arises from quadratic complexity in stream inspection, meaning that specially crafted network traffic can trigger worst-case algorithmic behavior. This causes Suricata to significantly slow down when operating in IDS mode.
This vulnerability is classified under CWE-407 (Inefficient Algorithmic Complexity) and affects Suricata versions prior to 7.0.15 and 8.0.4.
How can this vulnerability impact me? :
The vulnerability can cause Suricata to slow down significantly when processing specially crafted network traffic. This degradation in performance affects the availability of the IDS functionality, potentially allowing malicious traffic to go undetected or delaying detection.
Since the attack vector is network-based with low complexity and requires no privileges or user interaction, an attacker can exploit this remotely to disrupt network monitoring and security operations.