CVE-2026-49017HIGHCVSS 0.0

OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body

Published May 27, 2026·Updated Jul 1, 2026

Description

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.

Affected Packages (1)

swiftPYPI
From 2.36.0
Fixed in = 2.36.1

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free