216.73.216.86

CVE-2026-26076

· Published 12/02/2026 22:16 · Modified 12/02/2026 22:16

Labels: CVE-2026-26076 2026-02-12CVE-2026-26076CWE-770[email protected]

Essential information

Published
12/02/2026 22:16
Modified
12/02/2026 22:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ntpd / ntpd cpe:2.3:a:ntpd:ntpd:<1.7.1:*:*:*:*:*:*:*

References