CVE-2026-45290
Deferred Deferred - Pending Action
Event Loop DoS in Cloudburst Network Library

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: GitHub, Inc.

Description
Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stall the netty event loop, rendering it inoperable. All consumers of the library should upgrade to at least version `1.0.0.CR3-20260417.085727-30`. There are no known workarounds beyond updating the library.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-05
Generated
2026-06-27
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-25
NVD
CVE-2026-45290
EUVD
EUVD-2026-34861
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cloudburst_network network to 1.0.0.CR3-20260417.085727-30 (exc)
cloudburst_network network 1.0.0.CR3-20260417.085727-30
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-45290 is a Denial of Service (DoS) vulnerability in the Cloudburst Network library affecting the RakNet connection handling.

The issue is caused by missing bound checks, which allows an attacker to exploit the flaw and stall the Netty event loop, rendering it inoperable.

This affects publicly accessible software using versions of the Network library prior to 1.0.0.CR3-20260417.085727-30.

Impact Analysis

The vulnerability can cause a Denial of Service (DoS) by stalling the Netty event loop, making the affected software inoperable.

Since the attack requires no privileges or user interaction and has low complexity, it poses a significant risk to any publicly accessible system using the vulnerable versions.

This can lead to service outages and disruption of network components relying on the Cloudburst Network library.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Cloudburst Network library to version 1.0.0.CR3-20260417.085727-30 or later.

There are no known workarounds beyond updating the library.

If you are a Geyser user, you can mitigate the issue by using the latest builds (Build #1114 or newer).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45290. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart