PatchSiren cyber security CVE debrief
CVE-2023-43686 Malwarebytes CVE debrief
CVE-2023-43686 is a medium-severity vulnerability (CVSS score of 6.2) affecting Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). The issue occurs when a large number of Firefox preference files cause the parser to ignore other browser configuration files, leading to a denial of service.
- Vendor
- Malwarebytes
- Product
- Malwarebytes 4.x and 5.x
- CVSS
- MEDIUM 6.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later) should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by the parser ignoring other browser configuration files when a large number of Firefox preference files are present. This leads to a denial of service.
Defensive priority
MEDIUM
Recommended defensive actions
- Users should update Malwarebytes to the latest version to ensure they have the necessary patches.
- Administrators should review their Malwarebytes configurations to ensure they are not vulnerable to this issue.
Evidence notes
The CVE record [resourceLinkAnnotations:cve-org] and NVD detail [resourceLinkAnnotations:nvd] provide additional information about this vulnerability.
Official resources
-
CVE-2023-43686 CVE record
CVE.org
-
CVE-2023-43686 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2023-43686 was published on 2026-06-09T19:16:41.907Z and modified on 2026-06-09T20:16:30.320Z.