CVE-2026-11312

LOW 3.3

bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

2th

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-407 CWE-404
Vendor	bytedance
Product	infinistore
Published	Jun 5, 2026
Last Updated	Jun 5, 2026

Stay Ahead of the Next One

Get instant alerts for bytedance infinistore

Be the first to know when new low vulnerabilities affecting bytedance infinistore are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

bytedance / InfiniStore

0.2.0 0.2.1 0.2.2 0.2.3 0.2.4 0.2.5 0.2.6 0.2.7 0.2.8 0.2.9 0.2.10 0.2.11 0.2.12 0.2.13 0.2.14 0.2.15 0.2.16 0.2.17 0.2.18 0.2.19 0.2.20 0.2.21 0.2.22 0.2.23 0.2.24 0.2.25 0.2.26 0.2.27 0.2.28 0.2.29 0.2.30 0.2.31 0.2.32 0.2.33

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/368398 vuldb.com: https://vuldb.com/vuln/368398/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11312 vuldb.com: https://vuldb.com/submit/832348 github.com: https://github.com/bytedance/InfiniStore/issues/200 github.com: https://github.com/bytedance/InfiniStore/

Credits

🔍 Dem00 (VulDB User) VulDB CNA Team