NordVPN Denial-of-Service Vulnerability via Email Field Buffer Overflow

Vulnerability

A denial-of-service vulnerability has been identified in NordVPN version 6.19.6. This issue allows local attackers to crash the application by entering an excessively long string, specifically 100,000 characters, into the email input field during the login process. The application fails to handle this input properly, leading to a crash.

Impact

Exploitation of this vulnerability causes the NordVPN application to crash, disrupting the user's VPN service.

Reproduction

To reproduce this vulnerability, paste a buffer of 100,000 characters into the email field of the NordVPN login interface. After entering the email, input '1234' in the password field and click the 'Sign In' button. The application will crash upon processing the input.
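The advisory does not state the root cause or the client's implementation language, so the following is an added example (not NordVPN code) of the general mitigation: bound the login fields by length before any parsing, and keep failures from escaping the sign-in handler. The names `check_login_fields`, `handle_sign_in`, the `authenticate` callback and the numeric limits are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Limits assumed for this example (254/64 are the usual RFC 5321-derived bounds).
MAX_EMAIL_LEN = 254
MAX_LOCAL_LEN = 64
MAX_PASSWORD_LEN = 1024  # assumption: any finite cap works

# Simple patterns with bounded repetition, applied only after the length gate.
_LOCAL_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+")
_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

@dataclass(frozen=True)
class LoginCheck:
    ok: bool
    reason: str

def check_login_fields(email: str, password: str) -> LoginCheck:
    # 1. Length gate first: oversized input never reaches parsing or the network.
    if len(email) > MAX_EMAIL_LEN:
        return LoginCheck(False, "email_too_long")
    if len(password) > MAX_PASSWORD_LEN:
        return LoginCheck(False, "password_too_long")
    if not email or not password:
        return LoginCheck(False, "empty_field")
    # 2. Structural checks on input that is now known to be small.
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return LoginCheck(False, "email_malformed")
    if len(local) > MAX_LOCAL_LEN or not _LOCAL_RE.fullmatch(local):
        return LoginCheck(False, "email_malformed")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL_RE.fullmatch(l) for l in labels):
        return LoginCheck(False, "email_malformed")
    return LoginCheck(True, "ok")

def handle_sign_in(email: str, password: str, authenticate) -> LoginCheck:
    # Hypothetical 'Sign In' handler: rejected input returns a result, never raises.
    result = check_login_fields(email, password)
    if not result.ok:
        return result
    try:
        accepted = authenticate(email, password)
    except Exception:
        # A backend failure is reported to the caller, not propagated into the UI.
        return LoginCheck(False, "auth_error")
    return LoginCheck(True, "ok") if accepted else LoginCheck(False, "bad_credentials")
```

In a GUI client the same cap would also be set as the input control's maximum length, so a large paste is bounded before the handler runs.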

Added: Mar 21, 2026, 1:18 PM
Updated: Mar 21, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.