CVE-2026-42304

EUVD-2026-30158

13.05.2026, 21:16

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Affected Products (NVD)

Vendor	Product	Version
twisted	twisted	𝑥 < 26.4.0
twisted	twisted	26.4.0:rc1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

twisted

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	26.4.0-1 fixed
sid	26.4.0-1 fixed
trixie	no-dsa

openSUSE / SLES Releases

openSUSE Product

Release

python3-Twisted

suse enterprise sap 15 SP4	22.2.0-150400.24.1 fixed
suse enterprise sap 15 SP5	22.2.0-150400.24.1 fixed
suse enterprise sap 15 SP6	22.2.0-150400.24.1 fixed
suse enterprise server 15 SP4	22.2.0-150400.24.1 fixed
suse enterprise server 15 SP5	22.2.0-150400.24.1 fixed
suse enterprise server 15 SP6	22.2.0-150400.24.1 fixed

python311-Twisted

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-all_non_platform

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-conch

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-conch_nacl

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-contextvars

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-http2

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-serial

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed

python311-Twisted-tls

suse enterprise desktop 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.26.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.26.1 fixed