CVE-2026-43507
Publication date 1 May 2026
Last updated 13 May 2026
Ubuntu priority
Cvss 3 Severity Score
Description
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| prosody | 26.04 LTS resolute | Needs evaluation |
| | 25.10 questing | Needs evaluation |
| | 24.04 LTS noble | Needs evaluation |
| | 22.04 LTS jammy | Needs evaluation |
| | 20.04 LTS focal | Needs evaluation |
| | 18.04 LTS bionic | Needs evaluation |
| | 16.04 LTS xenial | Ignored end of ESM support, was needs-triage |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-43507
- https://prosody.im/security/advisory_735dd9d3/
- https://hg.prosody.im/trunk/rev/8a4417d32b0f
- https://hg.prosody.im/trunk/rev/166ac7d65cb6
- https://hg.prosody.im/trunk/rev/a4327478678f
- https://hg.prosody.im/trunk/rev/6c7549964d4d
- https://hg.prosody.im/trunk/rev/1e005ba71f0d