CVE-2026-14362
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixed in memberlist 0.6.0.
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM



