CVE-2026-49017
Infinite Loop in OpenStack Swift S3API Middleware
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | swift | from 2.36.0 (inclusive) to 2.36.2 (exclusive) |
| openstack | swift | up to 2.37.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-49017 is a security vulnerability in the s3api middleware of OpenStack Swift: processing a truncated aws-chunked PUT request body sends the middleware into an infinite loop.
Specifically, the StreamingInput class keeps appending empty buffers and re-reading the exhausted stream, so the proxy-server worker handling the request never returns and its CPU and memory usage grow without bound.
The defect was introduced in Swift 2.36.0 and affects versions before 2.36.2 and 2.37.2.
An authenticated attacker can trigger it by sending malformed or truncated aws-chunked payloads, causing a denial of service.
How can this vulnerability impact me?
The vulnerability can cause proxy-server workers in OpenStack Swift to become permanently unresponsive due to an infinite loop triggered by malformed aws-chunked PUT requests.
This leads to uncontrolled growth in CPU and memory consumption on the proxy server.
As a result, all proxy-server workers can be systematically exhausted, causing a denial of service (DoS) condition.
This can disrupt service availability until the affected processes are manually restarted or malicious accounts are suspended.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring proxy-server workers for unusually high CPU and memory usage; a worker that stays pegged indicates it may be stuck in the infinite loop caused by a truncated aws-chunked PUT request.
Because the issue is triggered by malformed or truncated aws-chunked payloads in authenticated requests, inspecting the proxy logs for repeated or failed aws-chunked PUT requests from the same authenticated account can help identify exploitation attempts.
Suggested commands to detect the issue include:
- Use system monitoring tools like 'top' or 'htop' to identify proxy-server worker processes with high CPU and memory consumption.
- Use 'ps aux | grep swift-proxy-server' to list proxy-server worker processes and check their resource usage.
- Check OpenStack Swift proxy logs for repeated aws-chunked PUT requests or errors related to truncated chunked input.
- Use network monitoring tools like 'tcpdump' or 'wireshark' to capture and analyze aws-chunked PUT requests to detect malformed or truncated payloads.
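The failure mode described above (an exhausted stream read again and again) and the log-side check for truncated chunked input both come down to one question: does the request body end with a terminating zero-size chunk, or does it stop early? The following decoder is an added example, not Swift's own code and not the s3api StreamingInput implementation. It parses the aws-chunked framing (`<hex-size>;chunk-signature=<64 hex>\r\n<data>\r\n`, ended by a zero-size chunk) and treats an empty read as a hard stop, which is exactly the exit condition an infinite-loop bug of this kind lacks. The chunk signatures are constructed 64-character placeholders, no signature verification is performed, and the sample bodies are constructed for the demonstration.

```python
"""Bounded aws-chunked body decoder (added example; not OpenStack Swift code).

Each chunk is framed as
    <hex-size>[;chunk-signature=<64 hex>]\r\n<size bytes>\r\n
and the body ends with a zero-size chunk followed by optional trailer lines
and a blank line. The signature extension is optional because unsigned
trailer uploads omit it; its value is never verified here.
"""
import io
import re

CHUNK_HEADER = re.compile(rb"^([0-9a-fA-F]+)(;chunk-signature=[0-9a-fA-F]{64})?$")

# Constructed placeholder signature (not a real SigV4 chunk signature).
SIG_PLACEHOLDER = b"0" * 64
SAMPLE_GOOD = (
    b"5;chunk-signature=" + SIG_PLACEHOLDER + b"\r\nhello\r\n"
    b"0;chunk-signature=" + SIG_PLACEHOLDER + b"\r\n\r\n"
)
# Constructed: the same body cut off inside the first chunk's payload.
SAMPLE_TRUNCATED = SAMPLE_GOOD[:86]


class TruncatedChunkedBody(ValueError):
    """The stream ended before the terminating zero-size chunk."""


def _read_line(stream, limit=8192):
    """Read one CRLF-terminated line. An empty read means EOF and must end the loop."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        byte = stream.read(1)
        if not byte:  # EOF: the exit condition a re-read-forever loop never hits
            raise TruncatedChunkedBody("EOF inside chunk header or trailer")
        buf += byte
        if len(buf) > limit:
            raise ValueError("chunk header line too long")
    return bytes(buf[:-2])


def _read_exact(stream, n):
    """Read exactly n payload bytes, failing loudly on a short read at EOF."""
    buf = bytearray()
    while len(buf) < n:
        piece = stream.read(n - len(buf))
        if not piece:
            raise TruncatedChunkedBody(f"EOF after {len(buf)} of {n} payload bytes")
        buf += piece
    return bytes(buf)


def decode_aws_chunked(stream, max_chunks=100_000):
    """Return the de-chunked payload; every loop here is bounded by EOF or a count."""
    payload = bytearray()
    for _ in range(max_chunks):
        header = _read_line(stream)
        match = CHUNK_HEADER.match(header)
        if not match:
            raise ValueError(f"malformed chunk header: {header!r}")
        size = int(match.group(1), 16)
        if size == 0:
            # Final chunk: consume trailer lines up to the blank line and stop.
            while _read_line(stream) != b"":
                pass
            return bytes(payload)
        payload += _read_exact(stream, size)
        if _read_line(stream) != b"":
            raise ValueError("missing CRLF after chunk data")
    raise ValueError("too many chunks")


def decode_bytes(raw):
    """Convenience wrapper: decode an in-memory body."""
    return decode_aws_chunked(io.BytesIO(raw))


def classify_body(raw):
    """Label a body as 'ok', 'truncated' or 'malformed' for logging or triage."""
    try:
        decode_bytes(raw)
        return "ok"
    except TruncatedChunkedBody:
        return "truncated"
    except ValueError:
        return "malformed"


if __name__ == "__main__":
    print("good body ->", classify_body(SAMPLE_GOOD), decode_bytes(SAMPLE_GOOD))
    print("truncated body ->", classify_body(SAMPLE_TRUNCATED))
    print("garbage header ->", classify_body(b"zz\r\n"))
```

The point of the example is the shape of the loops rather than the parsing detail: every read that can return nothing is checked, and an empty read raises instead of being appended and retried. A worker running this logic answers a truncated upload with an error and moves on, which is the behaviour the fixed Swift releases restore.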
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include suspending or disabling accounts suspected of sending malformed or truncated aws-chunked PUT requests, to prevent further exploitation.
Restarting the affected proxy-server worker processes clears the infinite-loop state and restores normal operation.
Upgrading to a release that fixes the handling of truncated aws-chunked input (the affected range above ends at 2.36.2 and 2.37.2) is recommended to resolve the vulnerability permanently.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.