CVE-2026-44601

Summary

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

Affected Software

VendorProductVersion RangeStatus
torprojectTor0 < 0.4.9.7affected

Weaknesses

  • CWE-837: CWE-837 Improper Enforcement of a Single, Unique Action

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References