Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2026-05-06
Full Version: HackerOne Disclosed Reports - 2026-05-06
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

5 hours ago
Logo
Critical
resolved

Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis


Bug reported by rorkh was disclosed at May 6, 2026, 5:13 pm   |   Uncontrolled Resource Consumption

A deadlock vulnerability was discovered in the Monero JSON-RPC interface that allowed a remote, unauthenticated attacker to completely paralyze any Monero node with a single HTTP request containing specific batch methods, leading to permanent denial of service. The vulnerability affected all releases of Monero up to version 0.18.4.2 and likely previous versions, across all operating systems. The vulnerability was rated as critical, with a CVSS 3.0 score of 10.0.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2026-05-06