CNNVD-202602-2063 Information

Feb 12, 2026 cve

CNNVD ID

CNNVD-202602-2063

CVE-2026-26076

  • CNNVD Published: 2026-02-12

Description (Chinese)

ntpd-rs是Project Pendulum开源的一款用于同步计算机时钟的工具,可实现 NTP 和 NTS 协议。 ntpd-rs 1.7.1之前版本存在安全漏洞,该漏洞源于当服务器启用NTS时,攻击者可以创建畸形的NTS数据包,可能导致服务器CPU使用率增加和性能下降。

Description (English)

ntpd-rs is a tool for synchronizing computer clocks for the Project Pendulum open source, enabling NTP and NTS protocols. There is a security loophole in the pre-ntpd-rs 1.7.1 version, which stems from the fact that when NTS is enabled by the server, the assailant can create an aberrant NTS data package, which could lead to an increase in the server CPU usage and a decrease in performance.

Vulnerability Type

其他

Affected Vendor

Project Pendulum

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/pendulum-project/ntpd-rs/commit/fa73af14d17b666b1142b9fee3ba22c18a841d24 https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.7.1 https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-c7j7-rmvr-fjmv https://access.redhat.com/security/cve/cve-2026-26076

Patch

https://github.com/pendulum-project/ntpd-rs/releases/

Share on: