CVE-2026-44796
Undergoing Analysis - In Progress
Denial of Service in Nautobot via Regex Injection

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-29
AI Q&A: 2026-05-28
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: nautobot
Product: nautobot
Version / Range: up to 3.1.2 (exclusive)
CWE
CWE-1333: The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The primary mitigation for this vulnerability is to upgrade Nautobot to a fixed version where the issue is resolved.

  • Upgrade Nautobot to version 2.4.33 or later if using the 2.4.x branch.
  • Upgrade Nautobot to version 3.1.2 or later if using the 3.1.x branch.

These versions include a fix that introduces timeout-based protection on regex evaluation in the bulk-rename endpoints, preventing malicious regex patterns from causing denial of service.

No known workarounds exist other than applying the patch.


Can you explain this vulnerability to me?

CVE-2026-44796 is a Regular Expression Denial of Service (ReDoS) vulnerability in Nautobot's bulk-rename functionality, specifically in the UI object-bulk-rename endpoints such as /dcim/interfaces/rename/.

The vulnerability arises when user-supplied regular expressions in the 'find' field, combined with the 'use_regex' flag, cause excessive CPU usage or application hangs due to catastrophic backtracking in complex or maliciously crafted regex patterns.

This can lead to application-wide denial of service by making the system unresponsive.

The issue was fixed by introducing timeout-based protections that reject regex operations exceeding a short time limit, preventing indefinite execution.


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial of service condition in the Nautobot application.

An attacker can exploit the vulnerability by submitting maliciously crafted regular expressions that cause the application to consume excessive CPU resources, leading to unresponsiveness or hanging of the system.

The impact is primarily on system availability, potentially disrupting network automation and source of truth services provided by Nautobot.

The vulnerability has a moderate severity with a CVSS score of 6.5, requiring low attack complexity, low privileges, and no user interaction.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves maliciously crafted regular expressions submitted to Nautobot's bulk-rename UI endpoints, causing excessive CPU usage or application hangs due to ReDoS (Regular Expression Denial of Service). Detection would involve monitoring for unusually high CPU usage or unresponsive behavior when these endpoints are accessed.

Since the issue arises from regex evaluation in the /dcim/interfaces/rename/ or similar bulk-rename endpoints, you can detect potential exploitation by observing logs or traffic for requests to these endpoints with the "use_regex" flag enabled and suspicious or complex regex patterns in the "find" field.

There are no specific commands provided in the resources to detect this vulnerability directly. However, general approaches include:

  • Monitor Nautobot server logs for errors or timeouts related to bulk-rename requests.
  • Use system monitoring tools (e.g., top, htop) to detect spikes in CPU usage correlated with requests to the bulk-rename endpoints.
  • Capture and analyze HTTP requests to Nautobot's bulk-rename endpoints to identify suspicious regex patterns in the "find" parameter when "use_regex" is true.

No explicit detection commands or scripts are provided in the available resources.
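An added detection example, not from this page or from the Nautobot project: a Python script that scans request records for submissions to a bulk-rename endpoint with use_regex set and applies a nested-quantifier heuristic (the CWE-1333 shape, a quantified group that itself contains a quantifier) to the find pattern. The field names find and use_regex and the /dcim/interfaces/rename/ path are taken from the description above; the record layout, the proxy/WAF capture source and Django's "on" checkbox value are assumptions, and the sample records are constructed.

```python
"""Flag regex bulk-rename requests whose 'find' field has nested quantifiers (CWE-1333).
Input: POST forms captured by a proxy/WAF (assumed; Nautobot's access log omits bodies)."""

def has_nested_quantifier(pattern: str) -> bool:
    """Heuristic: a quantified group that itself contains a quantifier, e.g. (x+)*.
    Escapes and character classes are skipped, so '[+*]+' is not flagged."""
    stack, quant_in_group, i = [], False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                           # escaped char: skip it
            i += 2
            continue
        if c == "[":                            # character class: skip to ']'
            j = pattern.find("]", i + 2)        # i+2 so '[]a]' / '[^]a]' work
            i = len(pattern) if j == -1 else j + 1
            continue
        if c == "(":
            stack.append(quant_in_group)
            quant_in_group = False
            if pattern[i + 1:i + 2] == "?":     # (?: (?P< (?= are group flags, not quantifiers
                i += 1
        elif c == ")":
            inner = quant_in_group
            if inner and pattern[i + 1:i + 2] in ("*", "+", "{"):
                return True                     # quantified group containing a quantifier
            quant_in_group = (stack.pop() if stack else False) or inner
        elif c in "*+{":
            quant_in_group = True
        i += 1
    return False

# Constructed sample records, not real Nautobot traffic; "on" is Django's checkbox value (assumed).
SAMPLE_REQUESTS = [
    {"ts": "2026-05-28T10:01:02Z", "user": "netops", "path": "/dcim/interfaces/rename/",
     "form": {"find": r"^eth(\d+)$", "use_regex": "on"}},
    {"ts": "2026-05-28T10:03:17Z", "user": "contractor", "path": "/dcim/interfaces/rename/",
     "form": {"find": r"^(\w+\s?)*$", "use_regex": "on"}},
    {"ts": "2026-05-28T10:04:00Z", "user": "netops", "path": "/dcim/interfaces/rename/",
     "form": {"find": r"(\w+)+", "use_regex": ""}},          # checkbox off: literal find
]

def flag_bulk_rename_requests(records):
    """Return (ts, user, path, find) for regex bulk-rename submissions that trip the heuristic."""
    alerts = []
    for rec in records:
        form = rec.get("form", {})
        if (rec["path"].endswith("/rename/") and form.get("use_regex")
                and has_nested_quantifier(form.get("find", ""))):
            alerts.append((rec["ts"], rec["user"], rec["path"], form["find"]))
    return alerts
```

The heuristic is deliberately conservative: it catches the nested-repetition shape behind catastrophic backtracking but not every slow pattern, so treat a hit as a triage signal to correlate with the CPU spikes and timeouts mentioned above.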


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability CVE-2026-44796 is a denial of service (DoS) issue caused by maliciously crafted regular expressions leading to excessive CPU usage and application unavailability. It primarily impacts system availability but does not involve unauthorized access, data leakage, or modification of sensitive information.

Because this vulnerability affects availability but not confidentiality or integrity, its direct impact on compliance with standards like GDPR or HIPAA, which focus heavily on protecting personal data privacy and integrity, is limited. However, prolonged denial of service could indirectly affect compliance by disrupting access to systems or services required for regulatory obligations.

No specific information is provided in the available resources about the vulnerability's impact on compliance with GDPR, HIPAA, or other regulations.

