CVE-2026-44796
EUVD-2026-3297528.05.2026, 18:16
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| networktocode | nautobot | 𝑥 < 2.4.33 |
| networktocode | nautobot | 3.0.0 ≤ 𝑥 < 3.1.2 |
𝑥
= Vulnerable software versions
References