GHSA-6r3r-6rpf-v429MediumCVSS 4.9

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push...

Published
July 8, 2026
Last Modified
July 8, 2026

🔗 CVE IDs covered (1)

📋 Description

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixed in memberlist 0.6.0.

🔗 References (3)