PatchSiren cyber security CVE debrief
CVE-2026-11312 bytedance CVE debrief
A vulnerability was found in Bytedance InfiniStore up to 0.2.33. The affected element is the function purge_kv_map in the file /src/infinistore.h of the KV Map Handler component. Manipulation of this function leads to inefficient algorithmic complexity. The attack requires local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
- Vendor: bytedance
- Product: InfiniStore
- CVSS: LOW 1.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of Bytedance InfiniStore up to 0.2.33
Technical summary
The vulnerability, CVE-2026-11312, affects Bytedance InfiniStore up to version 0.2.33. It is caused by inefficient algorithmic complexity in the purge_kv_map function in /src/infinistore.h, which is part of the KV Map Handler component. The vulnerability has a CVSS score of 1.9, indicating low severity.
Defensive priority
Low
Recommended defensive actions
- Update to a version of Bytedance InfiniStore beyond 0.2.33 if available
- Implement additional monitoring for local attacks
Evidence notes
The CVE was published on 2026-06-05T02:17:10.973Z and last modified on 2026-06-05T13:27:22.650Z. The vulnerability has been made public and could potentially be used for attacks.