CVE-2026-12588
Received Received - Intake

HX Console Denial of Service via Malicious File Decompression

Vulnerability report for CVE-2026-12588, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Trellix

Description

An attacker with access to an HX 10.0.0Β  and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consumes an excessive amount of system resources thus causing a Denial of Service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
trellix hx From 10.0.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-409 The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Trellix HX versions 10.0.0 and earlier. An attacker who has access to the HX console can send specially crafted data that triggers a malicious detection. This detection then causes the system to decompress a large file, which consumes an excessive amount of system resources. The result is a Denial of Service (DoS) condition, where the system becomes unavailable or unresponsive.

Impact Analysis

The impact of this vulnerability includes:

  • Denial of Service (DoS): The system may become unresponsive or crash due to excessive resource consumption, disrupting normal operations.
  • Operational disruption: If the HX console is critical for security monitoring or threat detection, its unavailability could leave your environment exposed to other threats.
  • Potential for follow-up attacks: While the primary impact is DoS, an attacker might exploit the disruption to launch additional attacks while the system is down.
Compliance Impact

This vulnerability could impact compliance with standards and regulations in the following ways:

  • GDPR: If the HX system processes or monitors personal data of EU citizens, a DoS attack could lead to a loss of availability, violating the GDPR's requirement for ensuring the confidentiality, integrity, and availability of personal data (Article 32).
  • HIPAA: For organizations handling protected health information (PHI), a DoS attack on security monitoring tools like HX could disrupt the availability of systems, potentially violating the HIPAA Security Rule's requirement to ensure the availability of electronic PHI (ePHI).
  • Other standards: Many compliance frameworks (e.g., ISO 27001, NIST CSF) require organizations to maintain the availability of critical systems. A successful DoS attack could demonstrate a failure to meet these requirements.

Organizations should assess whether this vulnerability exposes them to non-compliance risks and take appropriate mitigations, such as applying patches or implementing compensating controls.

Detection Guidance

Detection of this vulnerability involves monitoring for unusual activity related to the HX console, particularly large file decompression events that could consume excessive system resources. Since the vulnerability is triggered by specially-crafted data sent to the HX console, you can check for abnormal network traffic or logs indicating such attempts.

  • Review HX console logs for unexpected or large decompression tasks. Look for entries that indicate unusually large file processing or repeated decompression attempts.
  • Monitor network traffic to the HX console for suspicious data packets. Tools like Wireshark or network intrusion detection systems (NIDS) can help identify anomalous traffic patterns.
  • Check system resource usage (CPU, memory, disk I/O) for spikes that coincide with decompression activities. Commands like 'top', 'htop', or 'vmstat' on Linux systems can help monitor resource consumption.

Since the provided resources do not include specific detection commands or tools, refer to Trellix's official documentation or support channels for tailored detection methods.

Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Upgrade the HX system to a version later than 10.0.0, as the vulnerability affects versions 10.0.0 and earlier. Check Trellix's official advisories for the latest patched version.
  • Restrict access to the HX console to trusted networks or IP addresses only. Use firewalls or network access control lists (ACLs) to limit exposure.
  • Monitor the HX console for signs of exploitation, such as unusual decompression tasks or resource exhaustion. Set up alerts for abnormal activity.
  • Apply any available patches or workarounds provided by Trellix. Refer to the official support article (Resource 1) for specific guidance.

If no patch is immediately available, consider isolating the HX system from untrusted networks until a fix can be applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12588. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart