Apache Kvrocks up to 2.15.0 denial of service

Summaryinfo

A vulnerability described as problematic has been identified in Apache Kvrocks up to 2.15.0. Affected is an unknown function. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2026-46751. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Apache Kvrocks up to 2.15.0 and classified as problematic. Affected by this issue is an unknown code block. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability.

The advisory is available at lists.apache.org. This vulnerability is handled as CVE-2026-46751. The exploitation is known to be easy. The attack may be launched remotely. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 06/25/2026). This vulnerability is assigned to T1499 by the MITRE ATT&CK project.

Upgrading to version 2.16.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-39333). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Apache

Name

• Kvrocks

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.7
• 2.8
• 2.9
• 2.10
• 2.11
• 2.12
• 2.13
• 2.14
• 2.15.0

License

• open-source

Website

• Vendor: https://www.apache.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion