We are pleased to announce the releases of Suricata 8.0.5 and 7.0.16.
These are security releases, fixing a number of important issues. This is the first release cycle that reflects a change in vulnerability reporting volume as a result of the rise of AI(-assisted) analysis, resulting in a higher than usual number of issues.
Get the releases here:
8.0.5:
https://www.openinfosecfoundation.org/download/suricata-8.0.5.tar.gz
7.0.16: https://www.openinfosecfoundation.org/download/suricata-7.0.16.tar.gz
Notable Changes
Various security, performance, accuracy, and stability issues have been fixed.
- 8.0.5 tickets: https://redmine.openinfosecfoundation.org/versions/233
- 7.0.16 tickets: https://redmine.openinfosecfoundation.org/versions/231
Suricata-update and LibHTP versions remain the same from the previous release.
CVE IDs Addressed
| CVE | Severity (OISF) | Severity (CVSS 3.1) | Affected Version(s) | Ticket(s) |
|---|---|---|---|---|
| CVE-2026-45764 | CRITICAL | CRITICAL | 8.0.x and 7.0.x | 8493, 8494 |
| CVE-2026-45766 | CRITICAL | HIGH | 8.0.x and 7.0.x | 8419, 8420 |
| CVE-2026-45769 | CRITICAL | HIGH | 8.0.x and 7.0.x | 8416, 8417 |
| CVE-2026-45768 | CRITICAL | HIGH | 8.0.x only | 8406 |
| CVE-2026-46387 | HIGH | HIGH | 8.0.x and 7.0.x | 8554, 8555 |
| CVE-2026-45759 | HIGH | HIGH | 8.0.x and 7.0.x | 8530, 8531 |
| CVE-2026-45762 | HIGH | HIGH | 8.0.x and 7.0.x | 8511, 8512 |
| CVE-2026-45765 | HIGH | HIGH | 8.0.x and 7.0.x | 8461, 8462 |
| CVE-2026-45747 | HIGH | HIGH | 7.0.x only | 6286 |
| CVE-2026-45770 | HIGH | HIGH | 8.0.x only | 8557 |
| CVE-2026-46352 | HIGH | HIGH | 8.0.x only | 8561 |
| CVE-2026-45767 | HIGH | MODERATE | 8.0.x and 7.0.x | 8547, 8548 |
| CVE-2026-45763 | HIGH | MODERATE | 8.0.x only | 8508 |
| CVE-2026-45751 | MODERATE | MODERATE | 8.0.x and 7.0.x | 8540, 8542 |
| CVE-2026-45752 | MODERATE | MODERATE | 8.0.x only | 8541 |
| CVE-2026-45761 | LOW | LOW | 8.0.x and 7.0.x | 8527, 8528 |
Severity scores defined by OISF and CVSS may vary due to how we assess and evaluate impact. While CVSS has a more generic view on vulnerabilities and will penalize any network-related issues, for instance, OISF considers Suricata context as the baseline (thus, as example, affecting the network isn’t taken into account).
- Suricata Security Policies: https://github.com/OISF/suricata/security/policy (updated recently)
- Suricata Security Advisories: https://github.com/OISF/suricata/security/advisories
Security Issues
Note that we have refined Suricata issues’ severities last month. CRITICAL severity is reserved for issues affecting Tier 1 features enabled by default, involving remotely triggerable traffic-based code execution. HIGH severity also covers Tier 1 features enabled by default, where there’s possible loss of visibility or availability.
If you think you’ve encountered a security vulnerability, please see how to report a security issue.
OISF Signing key updated
The OISF signing key has been recently updated to have a later expiration date. It is the same key as before, but users will need to refresh it:
gpg --receive-keys 2BA9C98CCDF1E93A
It can also be downloaded from: https://www.openinfosecfoundation.org/downloads/OISF.pub
Using Signing Keys: https://docs.suricata.io/en/suricata-8.0.5/verifying-source-files.html
Special Thanks
Alexandre de Oliveira, alinse-pltzr, Ben Jackson, Eric Leblond, Léopold Quairy, Makar Semyonov, Michael Dickenson, NebuSec, Nils Eiling, Pablo Ruiz, Sebastián Alba, Sergey Pinaev, Sreejith Gopinath, Trail of Bits (in collaboration with Anthropic), Xiaojin Peng, OSS-Fuzz, Coverity.
For contributing patches, reporting bugs or otherwise helping keep Suricata code secure.
News from SuriCon
The Call for Talks for SuriCon Lisbon 2026 is open for only a few more weeks! The Suricata users conference is the best place to present experience-driven talks that share meaningful knowledge with the community and help move Suricata forward.
So, if you’re working on something exciting (or have faced a lot of challenges and frustrations, and have lessons learned!), visit https://pretalx.com/suricon2026/cfp – we love hearing from you!
For SuriCon archives, registration and more, go to: suricon.net
About Suricata
Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. Open-source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.
Originally posted to the Suricata forum: https://forum.suricata.io/t/suricata-8-0-5-and-7-0-16-released/
The post Suricata 8.0.5 and 7.0.16 released! appeared first on Suricata.
