CVE-2026-55233

OpenResty · OpenResty

OpenResty is vulnerable to an out-of-bounds write, potentially leading to service disruption or memory corruption.

Executive summary

An out-of-bounds write vulnerability in OpenResty allows unauthenticated attackers to cause a denial-of-service condition.

Vulnerability

This is an out-of-bounds write (CWE-787) vulnerability triggered by unauthenticated network access. The flaw allows an attacker to send specially crafted requests that result in memory corruption within the web platform.

Business impact

The vulnerability carries a CVSS score of 7.5, indicating a high severity risk primarily due to its potential to cause system crashes. Successful exploitation could result in significant service downtime, impacting business continuity and availability of web-facing applications relying on the OpenResty platform.

Remediation

Immediate Action: Update OpenResty to version 1.29.2.5 or later to incorporate the necessary memory safety patches.

Proactive Monitoring: Monitor server error logs for recurrent segmentation faults or unexpected process terminations that may indicate exploitation attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rule sets to filter malformed HTTP requests that may trigger out-of-bounds memory access.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Given the critical role of OpenResty in high-performance environments, this vulnerability poses a significant risk to service availability. Administrators should prioritize the update to version 1.29.2.5 during the next maintenance window to eliminate the risk of service disruption.