Volto Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Volto, the ReactJS-based frontend for the Plone Content Management System. The issue affects Volto versions 16.34.0 and earlier, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5. It allows an anonymous user, by visiting a specific URL, to cause the NodeJS server component of Volto to crash with an error.

Impact

Exploitation of this vulnerability crashes the NodeJS server component of Volto, resulting in a denial-of-service condition for the frontend it serves.

Remediation

Users are advised to upgrade to Volto versions 16.34.1, 17.22.2, 18.27.2, or 19.0.0-alpha.6, where this vulnerability has been patched.

Added: Oct 2, 2025, 10:17 PM
Updated: Oct 2, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread            2.6
  impact            2.5
  exploitability    8.4
  remediation       7.9
  relevance         0.6
  threat            3.2
  urgency           2.9
  incentive        10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.