Heap-based buffer overflow in rsyslog - CVE-2026-55556
Published: June 24, 2026
rsyslog
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in parse_auth_header() in the imhttp module when processing a crafted HTTP Basic Authorization header. A remote attacker can send a single crafted HTTP request to cause a denial of service.
Only deployments where the optional imhttp module is installed, explicitly loaded, and configured with HTTP Basic Authentication for an endpoint are vulnerable.
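A configuration check for the exposure condition above, as an added example that is not part of the advisory or rsyslog's own code: it reports whether a configuration loads imhttp and sets `basicAuthFile` (imhttp's Basic Authentication parameter) on any input. The sample configuration is constructed, and the caller is assumed to pass the combined text of rsyslog.conf and any included files.

```python
import re

# Quote-aware match of a RainerScript module(...) or input(...) statement.
STMT = re.compile(r'\b(module|input)\s*\(((?:"[^"]*"|[^)"])*)\)', re.I | re.S)
PARAM = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
LEGACY_LOAD = re.compile(r'^\s*\$ModLoad\s+\S*imhttp\b', re.I | re.M)

# Constructed sample configuration (not taken from the advisory).
SAMPLE = '''
module(load="imhttp" ports="8080")   # HTTP input
# input(type="imhttp" endpoint="/old" basicAuthFile="/etc/rsyslog/old.htpasswd")
input(type="imhttp" endpoint="/open" ruleset="r1")
input(type="imhttp"
      endpoint="/secure"
      basicAuthFile="/etc/rsyslog/htpasswd"
      ruleset="r1")
'''

def strip_comments(text):
    """Remove '#' comments, ignoring '#' inside double-quoted values."""
    lines = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == "#" and not in_quote:
                line = line[:i]
                break
        lines.append(line)
    return "\n".join(lines)

def imhttp_exposure(config_text):
    """Report whether imhttp is loaded and which endpoints use Basic Auth."""
    text = strip_comments(config_text)
    loaded = bool(LEGACY_LOAD.search(text))
    endpoints = []
    for kind, body in STMT.findall(text):
        params = {k.lower(): v for k, v in PARAM.findall(body)}
        if kind.lower() == "module":
            name = params.get("load", "").rsplit("/", 1)[-1].lower()
            loaded = loaded or name in ("imhttp", "imhttp.so")
        elif params.get("type", "").lower() == "imhttp" and params.get("basicauthfile"):
            endpoints.append(params.get("endpoint", "<unset>"))
    return {"loaded": loaded, "basic_auth_endpoints": endpoints,
            "matches_advisory": loaded and bool(endpoints)}

if __name__ == "__main__":
    print(imhttp_exposure(SAMPLE))
```

A result with `matches_advisory` set to true only confirms the loaded-and-configured conditions; whether the imhttp module is installed still has to be confirmed on the host.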