PT-2026-40718 · Nautobot · Nautobot
Whatisproblem
·
Published
2026-05-13
·
Updated
2026-05-28
·
CVE-2026-44796
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Nautobot versions prior to 2.4.33
Nautobot versions prior to 3.1.2
Description
UI object-bulk-rename endpoints, such as "/dcim/interfaces/rename/", are susceptible to an application-wide denial of service. This occurs when maliciously crafted regular expressions are provided in the
find field while the use regex flag is active, causing the system to execute the evaluation for an indefinite duration.Recommendations
Update to version 2.4.33.
Update to version 3.1.2.
Exploit
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nautobot