Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hashicorp
Hashicorp shared Library |
|
| Vendors & Products |
Hashicorp
Hashicorp shared Library |
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixed in memberlist 0.6.0. | |
| Title | Denial of service via crafted push/pull gossip message in memberlist | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: HashiCorp
Published:
Updated: 2026-07-08T19:40:16.119Z
Reserved: 2026-07-01T19:07:40.964Z
Link: CVE-2026-14362
Updated: 2026-07-08T18:29:57.500Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T19:00:07Z