CVE-2026-44796
Analyzed Analyzed - Analysis Complete
Denial of Service in Nautobot via Regex Injection

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-29
Generated
2026-06-18
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-44796
EUVD
EUVD-2026-32975
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
networktocode nautobot to 2.4.33 (exc)
networktocode nautobot From 3.0.0 (inc) to 3.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability CVE-2026-44796 is a denial of service (DoS) issue caused by maliciously crafted regular expressions leading to excessive CPU usage and application unavailability. It primarily impacts system availability but does not involve unauthorized access, data leakage, or modification of sensitive information.

Because this vulnerability affects availability but not confidentiality or integrity, its direct impact on compliance with standards like GDPR or HIPAAβ€”which focus heavily on protecting personal data privacy and integrityβ€”is limited. However, prolonged denial of service could indirectly affect compliance by disrupting access to systems or services required for regulatory obligations.

No specific information is provided in the available resources about the vulnerability's impact on compliance with GDPR, HIPAA, or other regulations.

Mitigation Strategies

The primary mitigation for this vulnerability is to upgrade Nautobot to a fixed version where the issue is resolved.

  • Upgrade Nautobot to version 2.4.33 or later if using the 2.4.x branch.
  • Upgrade Nautobot to version 3.1.2 or later if using the 3.1.x branch.

These versions include a fix that introduces timeout-based protection on regex evaluation in the bulk-rename endpoints, preventing malicious regex patterns from causing denial of service.

No known workarounds exist other than applying the patch.

Executive Summary

CVE-2026-44796 is a Regular Expression Denial of Service (ReDoS) vulnerability in Nautobot's bulk-rename functionality, specifically in the UI object-bulk-rename endpoints such as /dcim/interfaces/rename/.

The vulnerability arises when user-supplied regular expressions in the 'find' field, combined with the 'use_regex' flag, cause excessive CPU usage or application hangs due to catastrophic backtracking in complex or maliciously crafted regex patterns.

This can lead to application-wide denial of service by making the system unresponsive.

The issue was fixed by introducing timeout-based protections that reject regex operations exceeding a short time limit, preventing indefinite execution.

Impact Analysis

This vulnerability can impact you by causing a denial of service condition in the Nautobot application.

An attacker can exploit the vulnerability by submitting maliciously crafted regular expressions that cause the application to consume excessive CPU resources, leading to unresponsiveness or hanging of the system.

The impact is primarily on system availability, potentially disrupting network automation and source of truth services provided by Nautobot.

The vulnerability has a moderate severity with a CVSS score of 6.5, requiring low attack complexity, low privileges, and no user interaction.

Detection Guidance

This vulnerability involves maliciously crafted regular expressions submitted to Nautobot's bulk-rename UI endpoints, causing excessive CPU usage or application hangs due to ReDoS (Regular Expression Denial of Service). Detection would involve monitoring for unusually high CPU usage or unresponsive behavior when these endpoints are accessed.

Since the issue arises from regex evaluation in the /dcim/interfaces/rename/ or similar bulk-rename endpoints, you can detect potential exploitation by observing logs or traffic for requests to these endpoints with the "use_regex" flag enabled and suspicious or complex regex patterns in the "find" field.

There are no specific commands provided in the resources to detect this vulnerability directly. However, general approaches include:

  • Monitor Nautobot server logs for errors or timeouts related to bulk-rename requests.
  • Use system monitoring tools (e.g., top, htop) to detect spikes in CPU usage correlated with requests to the bulk-rename endpoints.
  • Capture and analyze HTTP requests to Nautobot's bulk-rename endpoints to identify suspicious regex patterns in the "find" parameter when "use_regex" is true.

No explicit detection commands or scripts are provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44796. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart