CVE-2026-43506: High severity Prosody vulnerability
Published May 1, 2026
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.
Affected Software
3 affected components
Prosody prosody: <0.12.6, >=1.0.0 <13.0.5
Prosody prosody: <0.12.6
Prosody prosody: >=13.0.0 <13.0.5
Remediation
Patch Available
Event History
May 1, 2026
CVE Published
via MITRE·02:45 PM
Data Sourced
via MITRE·02:45 PM
Description, Severity, Weakness
Data Sourced
via NVD·03:16 PM
Remedy, Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2026-43506?
CVE-2026-43506 has been classified as a high severity vulnerability due to its potential to cause Denial of Service through memory exhaustion.
2. How do I fix CVE-2026-43506?
To fix CVE-2026-43506, upgrade to Prosody 0.12.6 or later, or, if you run a version from 1.0.0 onward, to 13.0.5 or later.
3. What causes CVE-2026-43506?
CVE-2026-43506 is caused by memory leaks from unauthenticated connections that lead to memory exhaustion.
4. Which versions of Prosody are affected by CVE-2026-43506?
CVE-2026-43506 affects Prosody versions before 0.12.6, and versions 1.0.0 through 13.0.0 before 13.0.5.
5. What type of vulnerability is CVE-2026-43506?
CVE-2026-43506 is classified as a Denial of Service vulnerability.