CVE-2026-44600
Tor 0.4.9.7 Accounting Mishandling in Conflux Queue
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| torproject | tor | up to 0.4.9.7 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-696 | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-44600 is a vulnerability in Tor versions before 0.4.9.7 where the software mishandles the accounting of the conflux out-of-order queue during the clearing of a queue. This issue is also known as TROVE-2026-010.
How can this vulnerability impact me?
The vulnerability can lead to issues such as crashes or memory corruption within the Tor software. The CVSS score of 3.7 reflects an impact on availability; the CVE description does not indicate direct impacts on confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources contain no information on how CVE-2026-44600 affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
The Tor Project strongly recommends upgrading to Tor version 0.4.9.7 immediately to fix this vulnerability.