HOMEVULNERABILITIESCVE-2026-2261
HIGH

CVE-2026-2261

CWE-772Published: March 9, 2026· Updated: Mar 11, 2026

7.5
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:0.3th

Official Description

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives.

Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes before it is able to exec the helper. At this point, blocklistd still records adverse events but is unable to block new addresses or unblock addresses whose database entries have expired.

Once a second, much higher number of leaked sockets is reached, blocklistd becomes unable to receive new adverse event reports.

An attacker may take advantage of this by triggering a large number of adverse events from sacrificial IP addresses to effectively disable blocklistd before launching an attack.

Even in the absence of attacks or probes by would-be attackers, adverse events will occur regularly in the course of normal operations, and blocklistd will gradually run out file descriptors and become ineffective.

The accumulation of open sockets may have knock-on effects on other parts of the system, resulting in a general slowdown until blocklistd is restarted.

NVD Source

Technical Analysis

CVE-2026-2261 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2026-2261

Siemens SIDIS Prime
CISA Alerts· Mar 12, 2026

View CSAF Summary SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. The following versions of Siemens SIDIS Prime are affected: SIDIS Prime vers:intdot/<4.0.800 (CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-41996, CVE-2025-6965, CVE-2025-7783, CVE-2025-9230, CVE-2025-9232, CVE-2025-9670, CVE-2025-12816, CVE-2025-15284, CVE-2025-58751, CVE-2025-58752, CVE-2025-58754, CVE-2025-62522, CVE-2025-64718, CVE-2025-64756, CVE-2025-66030, CVE-2025-66031, CVE-2025-66035, CVE-2025-66412, CVE-2025-69277, CVE-2026-22610) CVSS Vendor Equipment Vulnerabiliti [xlite_meta score:79 src:CISA Alerts xlite_fp:2a5cd8d28f95c6fa84c5d4bce40599165970b3e212a54b553b7bb20d8a8228ab]

All References (1)

Quick Facts

CVE IDCVE-2026-2261
CVSS Score7.5 / 10
SeverityHIGH
WeaknessCWE-772
CISA KEVNo
EPSS (30d)0.01%
PublishedMar 9, 2026

Related CVEs (CWE-772)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-2261 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.