PatchSiren cyber security CVE debrief
CVE-2026-60108 zeek CVE debrief
CVE-2026-60108 is an uncontrolled memory consumption vulnerability in Zeek's FTP analyzer. Unauthenticated remote attackers can cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. The vulnerability exists in the NVT_Analyzer component, which lacks a maximum line length check, leading to continuous internal buffer doubling without bounds during base64 decoding of an attacker-controlled ADAT token. This issue affects Zeek versions prior to 8.0.9.
- Vendor
- zeek
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Zeek versions prior to 8.0.9 should apply the patch to prevent denial-of-service attacks. Network defenders and administrators responsible for Zeek installations are advised to review and update their systems. They should also monitor for potential exploitation attempts and implement compensating controls as necessary.
Technical summary
The vulnerability is caused by the NVT_Analyzer component's lack of a maximum line length check, allowing an attacker to continuously double its internal buffer without bounds during base64 decoding of an attacker-controlled ADAT token. This results in denial of service of the Zeek sensor. The issue is addressed in Zeek version 8.0.9. Affected users should review their systems and apply the necessary patches or updates.
Defensive priority
High
Recommended defensive actions
- Apply the patch from https://github.com/zeek/zeek/commit/93ff6950a90cfa9d00c1062cde429313a0402a01
- Update to Zeek version 8.0.9 or later from https://github.com/zeek/zeek/releases/tag/v8.0.9
- Review and monitor Zeek installations for potential exploitation attempts
- Implement compensating controls to detect and prevent similar attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-07-09T15:16:41.627Z and has not been modified since then. The NVD entry is currently Analyzed. This information is based on the NVD entry and the official CVE record. The vulnerability affects Zeek versions prior to 8.0.9. Users should verify their installations and apply patches or updates as necessary.
Official resources
-
CVE-2026-60108 CVE record
CVE.org
-
CVE-2026-60108 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T15:16:41.627Z and has not been modified since then.