CVE-2026-42154

ADVISORY - github

Summary

Impact

The remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process.

Patches

Has the problem been patched? What versions should users upgrade to?

Fixed in 3.11.3 and 3.5.3 LTS. Users should upgrade to these versions or later.

Workarounds

User who can not upgrade can place Prometheus behind a reverse proxy or firewall that requires authentication before requests reach /api/v1/read.

EPSS Score⁠: 0.00021 (0.058)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

CWE-789⁠

Memory Allocation with Excessive Size Value

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

CWE-789⁠

Memory Allocation with Excessive Size Value

Impacted images

Advisories

Docker

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

CVE-2026-42154

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

NIST

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-42154⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-789⁠

CVSS SCORE

7.5high

GitHub

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDGHSA-8rm2-7qqf-34qm⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-789⁠

CVSS SCORE

7.5high

Alpine

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-42154⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

13 hours ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-42154⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

15 hours ago

UPDATED

15 hours ago

ADVISORY IDCVE-2026-42154⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

12 hours ago

UPDATED

11 hours ago

ADVISORY ID

BIT-prometheus-2026-42154

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-24w2-qhqw-rp72

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-29rc-phqq-wqcm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-2f34-96j3-w8mh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-2hvr-qmmx-gw49

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-2pxw-cmrp-5g4m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-44xc-xqxm-q3vf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-462c-fj27-553w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-5cwp-xxrm-6r62

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-6x7w-vr2f-6mfg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-7gwg-pp66-3vx8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-7w4x-f6qv-wpm9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-8cwc-7r92-xf2h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-8jvc-gqpj-qgwq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-9gmx-fg44-2rxc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-9q9r-7qjq-qw87

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-9qpj-64jr-8vgx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-9rvg-8vh4-v3qc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-9xm2-7mgg-3g6g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-f5h2-pjwx-2pch

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-gcf9-pq8h-rw8w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-h423-52gh-j95g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-h759-jrm7-j5h4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-hjx3-6mhm-mrwq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-mmxc-6h58-4cvp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-mp8j-9v7j-gvqv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-pgvm-3j55-7r49

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-pj3h-936q-jxx2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-pw28-hrqq-jj4h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-q9r6-9c58-f76m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-qg5j-h9gf-3v7j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-qxr3-fmvf-w2xp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-r4f2-2j63-gg3q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-rpr3-cv3m-jfc9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-v265-g92h-4p2w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-vwq7-x7cj-xf98

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-w96w-jx3h-8p87

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-x6fm-gv29-pqg6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY ID

MINI-x7m8-gqcg-3x73

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY