CVE-2026-54226 MEDIUM

CVE-2026-54226: Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS

Vendor Apache Software Foundation

Product Apache Kvrocks

Published June 25, 2026

Last update June 25, 2026

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:D/RE:L/U:Amber

What the vulnerability does

Description

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

Key dates

Disclosure timeline

June 25, 2026 CVE published