PT-2026-40718 · Nautobot · Nautobot

Whatisproblem

·

Published

2026-05-13

·

Updated

2026-05-28

·

CVE-2026-44796

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2
Description UI object-bulk-rename endpoints, such as "/dcim/interfaces/rename/", are susceptible to an application-wide denial of service. This occurs when maliciously crafted regular expressions are provided in the find field while the use regex flag is active, causing the system to execute the evaluation for an indefinite duration.
Recommendations Update to version 2.4.33. Update to version 3.1.2.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44796
GHSA-QRPW-GJVH-X5GM
PYSEC-2026-2226

Affected Products

Nautobot