CVE-2026-39197
Received Received - Intake
Denial of Service in Datadog Vector

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-39197
EUVD
EUVD-2026-36763
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datadog vector 0.54.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39197 affects Datadog Vector version 0.54.0 and involves a vulnerability in certain HTTP and gRPC ingest paths. The issue occurs because the software buffers or decompresses request bodies before enforcing size limits, allowing attackers to send crafted requests with oversized or highly compressed payloads.

This leads to excessive memory allocation due to trust-boundary flaws in compression handling, where checks on the decoded size happen only after memory has been allocated. As a result, attackers can cause memory exhaustion by sending maliciously crafted requests to exposed sources such as HTTP, Splunk HEC, OpenTelemetry HTTP, or gRPC ingest paths.

Impact Analysis

The vulnerability can cause a Denial of Service (DoS) by exhausting system memory resources. This can lead to process crashes or even host-level out-of-memory termination, depending on the available memory, concurrency of requests, and system restart policies.

Detection Guidance

This vulnerability can be detected by monitoring for unusual memory usage or crashes in Datadog Vector version 0.54.0, especially related to HTTP and gRPC ingest paths such as /util/http/prelude.rs. Network detection can focus on identifying crafted or oversized HTTP or gRPC requests targeting these endpoints.

Specific commands to detect exploitation attempts are not provided in the available resources. However, general approaches include using network monitoring tools to capture and analyze HTTP/gRPC traffic for unusually large or compressed payloads, and system monitoring commands to check for memory exhaustion or process crashes.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable HTTP and gRPC ingest endpoints to trusted sources only, and monitoring for abnormal memory usage or process crashes in Datadog Vector version 0.54.0.

Since the vulnerability arises from improper handling of request body sizes and compression, applying any available patches or updates from Datadog that address this issue is critical. If no patch is available, consider disabling or limiting the use of the affected endpoints until a fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39197. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart