CVE-2026-59173
Received
Received - Intake
Uncontrolled Resource Consumption in Apache Traffic Server
Vulnerability report for CVE-2026-59173, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-18
Last updated on: 2026-07-18
Assigner: Apache Software Foundation
Description
Description
Uncontrolled Resource Consumption vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2.
Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | traffic_server | From 9.0.0 (inc) to 9.1.13 (inc) |
| apache | traffic_server | From 10.0.0 (inc) to 10.1.2 (inc) |
| apache | traffic_server | 9.1.14 |
| apache | traffic_server | 10.1.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |