CVE Watchtower


← Back to CVE List

CVE-2026-50254NVD

Vulnerability Summary

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.
Severity Level
HIGH(7.5)
Published Date
Jun 30, 2026
Last Modified
Jul 1, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
0.38%Probability
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone