CVE-2026-45290
Deferred - Pending Action
Event Loop DoS in Cloudburst Network Library

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: GitHub, Inc.

Description
Cloudburst Network provides network components used within Cloudburst projects. Versions prior to `1.0.0.CR3-20260417.085727-30` contain a vulnerability that impacts publicly accessible software depending on them: an attacker can exploit it to stall the Netty event loop, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260417.085727-30`. There are no known workarounds beyond updating the library.
Meta Information
Published: 2026-06-05
Last Modified: 2026-06-05
Generated: 2026-06-06
AI Q&A: 2026-06-05
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor | Product | Version / Range
cloudburst_network | network | to 1.0.0.CR3-20260417.085727-30 (exc)
cloudburst_network | network | 1.0.0.CR3-20260417.085727-30
CWE ID | Description
CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-45290 is a Denial of Service (DoS) vulnerability in the Cloudburst Network library affecting the RakNet connection handling.

The issue is caused by missing bound checks, which allows an attacker to exploit the flaw and stall the Netty event loop, rendering it inoperable.

This affects publicly accessible software using versions of the Network library prior to 1.0.0.CR3-20260417.085727-30.


How can this vulnerability impact me?

The vulnerability can cause a Denial of Service (DoS) by stalling the Netty event loop, making the affected software inoperable.

Since the attack requires no privileges or user interaction and has low complexity, it poses a significant risk to any publicly accessible system using the vulnerable versions.

This can lead to service outages and disruption of network components relying on the Cloudburst Network library.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade the Cloudburst Network library to version 1.0.0.CR3-20260417.085727-30 or later.

There are no known workarounds beyond updating the library.

If you are a Geyser user, you can mitigate the issue by using the latest builds (Build #1114 or newer).

