{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/eml_parser/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-44844"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["eml_parser"],"_cs_severities":["medium"],"_cs_tags":["dos","vulnerability","eml_parser"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-44844 is a denial-of-service vulnerability affecting Microsoft\u0026rsquo;s eml_parser component. The vulnerability stems from excessive recursion when processing nested message/rfc822 attachments within email messages. An attacker can exploit this vulnerability by crafting a malicious email with deeply nested attachments, causing the eml_parser to consume excessive resources and potentially leading to a denial-of-service condition. This vulnerability was disclosed in a Microsoft Security Response Center security update on May 28, 2026. Successful exploitation could disrupt email services relying on the affected eml_parser.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious email message containing multiple levels of nested message/rfc822 attachments.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the specially crafted email to a target system.\u003c/li\u003e\n\u003cli\u003eThe email is received and processed by a mail server or email client utilizing the vulnerable eml_parser.\u003c/li\u003e\n\u003cli\u003eThe eml_parser attempts to parse the nested attachments recursively.\u003c/li\u003e\n\u003cli\u003eThe deep nesting causes excessive resource consumption (CPU and memory).\u003c/li\u003e\n\u003cli\u003eThe eml_parser process becomes unresponsive or crashes due to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe mail server or email client experiences a denial-of-service condition, impacting email processing for other users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44844 can lead to a denial-of-service condition, preventing users from accessing or processing email. The impact can range from temporary service disruptions to complete email server outages, depending on the severity of the resource exhaustion and the system\u0026rsquo;s recovery capabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to detect potential exploitation attempts targeting CVE-2026-44844.\u003c/li\u003e\n\u003cli\u003eMonitor email processing systems for unusual resource consumption patterns, as indicated in the rule descriptions.\u003c/li\u003e\n\u003cli\u003eReview and adjust email processing configurations to limit recursion depth for attachment parsing.\u003c/li\u003e\n\u003cli\u003eConsider implementing rate limiting for email processing to mitigate the impact of denial-of-service attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T07:24:48Z","date_published":"2026-05-28T07:24:48Z","id":"https://feed.craftedsignal.io/briefs/2026-05-eml-parser-dos/","summary":"CVE-2026-44844 is a denial-of-service vulnerability in Microsoft's eml_parser due to recursion in nested message/rfc822 attachments, potentially causing a service outage.","title":"CVE-2026-44844 eml_parser Recursion Denial-of-Service","url":"https://feed.craftedsignal.io/briefs/2026-05-eml-parser-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Eml_parser","version":"https://jsonfeed.org/version/1.1"}