CVE-2025-58186
CVE Details
Visit the official vulnerability details page for CVE-2025-58186 to learn more.
Initial Publication
10/29/2025
Last Update
10/30/2025
Third Party Dependency
go
NIST CVE Summary
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Awaiting Analysis
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 0.7.1 | ⚠️ Impacted | ⚠️ Impacted |
| 0.6.6 | ⚠️ Impacted | ⚠️ Impacted |
| 0.5.11 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.