CVE-2026-44931

CVE-2026-44931 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-770.

Key facts

Description

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd

Frequently asked questions

What is CVE-2026-44931?
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd
How severe is CVE-2026-44931?
CVE-2026-44931 has a CVSS 4.0 base score of 5.1, rated medium severity.
Is CVE-2026-44931 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (5th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2026-44931?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-44931 have an EU (EUVD) identifier?
Yes. CVE-2026-44931 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-29921.
When was CVE-2026-44931 published?
CVE-2026-44931 was published on 2026-05-13 and last updated on 2026-06-17.

References

Other CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities

Browse all CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities →