Prosody — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/prosody/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 01 May 2026 15:16:52 +0000Prosody Memory Exhaustion Vulnerability (CVE-2026-43506)https://feed.craftedsignal.io/briefs/2026-05-prosody-dos/Fri, 01 May 2026 15:16:52 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-prosody-dos/Prosody versions before 0.12.6, versions 1.0.0 through 13.0.0, and before version 13.0.5 are vulnerable to a denial of service due to memory leaks from unauthenticated connections, leading to memory exhaustion.A denial of service vulnerability, identified as CVE-2026-43506, affects Prosody, a popular XMPP server. The vulnerability exists in versions prior to 0.12.6, versions 1.0.0 through 13.0.0, and before version 13.0.5. Successful exploitation of this vulnerability results in a denial-of-service condition due to memory exhaustion. The root cause is memory leaks triggered by unauthenticated connections, which gradually consume server resources until the system becomes unresponsive. This vulnerability was publicly disclosed on May 1, 2026, and poses a risk to organizations using affected versions of Prosody, as it can disrupt communication services and impact overall system availability.

Attack Chain

  1. An attacker establishes an unauthenticated connection to the Prosody server.
  2. The connection triggers a memory leak within the Prosody server software.
  3. The memory leak consumes a small amount of system memory.
  4. The attacker repeatedly establishes new unauthenticated connections.
  5. Each connection triggers further memory leaks, compounding the memory consumption.
  6. The server’s available memory is gradually exhausted due to the accumulated leaks.
  7. As memory resources diminish, the Prosody server’s performance degrades.
  8. Eventually, the Prosody server becomes unresponsive, resulting in a denial-of-service condition.

Impact

The successful exploitation of CVE-2026-43506 can lead to a denial-of-service condition, rendering the Prosody XMPP server unavailable. This can disrupt communication services for organizations relying on the affected Prosody versions. The impact can range from temporary service interruptions to prolonged outages, depending on the severity of the memory exhaustion and the organization’s recovery capabilities. There is no specific information available on the number of victims or specific sectors targeted.

Recommendation

  • Upgrade Prosody servers to version 0.12.6 or 13.0.5 or later to remediate CVE-2026-43506.
  • Monitor Prosody server resource utilization, specifically memory consumption, for unusual increases that could indicate exploitation attempts.
  • Deploy the Sigma rules provided in this brief to detect potential denial-of-service attacks exploiting CVE-2026-43506 by monitoring connection patterns.
]]>mediumadvisorydenial-of-servicememory exhaustionprosody