CWE-1050 (Excessive Platform Resource Consumption within a Loop) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-4634 | 2026-04-02 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OID… |
| CVE-2026-22263 | 2026-01-27 | Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 pat… |
| CVE-2026-22261 | 2026-01-27 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Ve… |
| CVE-2025-67419 | 2026-01-05 | A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to l… |
| CVE-2025-48866 | 2025-06-02 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-v… |
| CVE-2025-47947 | 2025-05-21 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special cas… |
| CVE-2025-32907 | 2025-04-14 | A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a sin… |
| CVE-2024-4068 | 2024-05-14 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalance… |
| CVE-2023-1390 | 2023-03-16 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in t… |
| CVE-2021-41039 | 2021-12-01 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possi… |
| CVE-2019-11254 | 2020-04-01 | The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to co… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Common_Consequences, Description, Time_of_Introduction |