
CVE-2026-35480: Medium Vulnerability in Protocol go-ipld-prime

A medium-severity vulnerability exists in Protocol's go-ipld-prime prior to version 0.22.0, allowing for excessive memory allocation. Organizations are advised to patch this vulnerability to prevent potential availability issues.

Severity: Medium · CVSS 6.2 · Published April 7, 2026


This vulnerability allows excessive memory allocation due to the way the DAG-CBOR decoder handles collection sizes declared in CBOR headers. Specifically, prior to version 0.22.0, the decoder uses these sizes as allocation hints without capping them, which can lead to high memory usage from small payloads.

The CVSS score for this vulnerability is 6.2, indicating a medium severity level. This is significant as the resource consumption could lead to denial-of-service conditions, affecting the availability of applications utilizing the go-ipld-prime library.

Organizations utilizing versions prior to 0.22.0 of go-ipld-prime should prioritize remediation to mitigate potential risks. The urgency for patching is classified as medium, allowing for scheduling in the next patch cycle.

As of now, there is no public exploit confirmed for this vulnerability. However, given its nature, it is crucial to remain vigilant and ensure that systems are updated to the latest version.

Vulnerability Details

The vulnerability is described as follows: go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementation of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. The specific issue is that the DAG-CBOR decoder does not limit the size hints it uses for memory allocation, which can be exploited to consume excessive memory.

The affected product is go-ipld-prime, with a CVSS base score of 6.2, indicating potential high impacts on availability while having no confidentiality or integrity impact.

Technical Analysis

The root cause is that the DAG-CBOR decoder uses the collection sizes declared in CBOR headers as preallocation hints without capping them. Because a header can declare a collection far larger than the bytes that actually follow it, a small payload can drive the decoder into allocating memory out of all proportion to the input, potentially exhausting memory.
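As an added illustration (not code from go-ipld-prime or from this advisory), the following Go snippet parses a CBOR collection header and shows the kind of bound a hardened decoder applies to the declared count before preallocating. The maxPrealloc constant and the minimum-bytes-per-entry rule are assumptions of this example, not the library's actual fix.

```go
package main

import (
	"encoding/binary"
	"errors"
)
// maxPrealloc is a constructed cap on entries preallocated from a header length.
const maxPrealloc = 1 << 16

// readCBORHeader returns the major type, declared argument (length or entry
// count) and header size of the CBOR item at the start of b. Indefinite-length
// and reserved encodings are rejected, as DAG-CBOR requires.
func readCBORHeader(b []byte) (major byte, arg uint64, n int, err error) {
	if len(b) == 0 {
		return 0, 0, 0, errors.New("empty input")
	}
	major, info := b[0]>>5, b[0]&0x1f
	if info < 24 {
		return major, uint64(info), 1, nil
	}
	if info > 27 {
		return 0, 0, 0, errors.New("indefinite-length or reserved header")
	}
	n = 1 << (info - 24) // 1, 2, 4 or 8 argument bytes follow the initial byte
	if len(b) < 1+n {
		return 0, 0, 0, errors.New("truncated header")
	}
	var buf [8]byte
	copy(buf[8-n:], b[1:1+n])
	return major, binary.BigEndian.Uint64(buf[:]), 1 + n, nil
}

// allocHint bounds the preallocation for an array (major type 4) or map (major
// type 5). Each array entry needs at least 1 byte of input and each map entry
// at least 2 (key and value), so a declared count that cannot fit in the bytes
// remaining after the header is clamped; maxPrealloc is applied on top of that.
func allocHint(major byte, declared uint64, remaining int) (int, error) {
	minEntry := map[byte]uint64{4: 1, 5: 2}[major]
	if minEntry == 0 {
		return 0, errors.New("not an array or map header")
	}
	hint := declared
	if limit := uint64(remaining) / minEntry; hint > limit {
		hint = limit
	}
	if hint > maxPrealloc {
		hint = maxPrealloc
	}
	return int(hint), nil
}
```

The uncapped decoder would take the declared count directly as the allocation size; the clamp keeps the preallocation proportional to the input actually received.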

The CVSS vector rates the attack vector as local and the attack complexity as low; no privileges or user interaction are required. The availability impact is high, since exhausting memory can lead to denial-of-service conditions.

Risk & Impact Analysis

Risk to organizations includes potential service disruptions resulting from high memory consumption, which may degrade performance or crash applications relying on the go-ipld-prime library. The urgency for organizations is assessed as medium, recommending remediation in the next patch cycle.

Exploitation Status

Signal: Status
Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

The affected versions of go-ipld-prime are all versions prior to 0.22.0. Organizations should ensure they are updated to the latest version to mitigate this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to version 0.22.0 or later of the go-ipld-prime library. If immediate application of the patch is not feasible, monitor the memory usage of processes that decode DAG-CBOR as a temporary measure. Additionally, general hardening such as placing memory limits on the process that decodes untrusted input reduces exposure.

For further insights into improving security posture, organizations may explore continuous penetration testing strategies.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor the memory usage of applications that decode DAG-CBOR and alert on sudden spikes or out-of-memory crashes. Behavioral anomalies in applications utilizing the go-ipld-prime library, such as repeated restarts under memory pressure, should be scrutinized. Small inbound DAG-CBOR payloads whose headers declare very large collection sizes may also serve as indicators of potential issues.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to expose organizations to availability risks through resource exhaustion. This case highlights the importance of rigorous resource management in software design. Security teams should take this as a lesson to regularly evaluate third-party libraries for vulnerabilities and ensure timely updates.


Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
