[ANN] CVE-2025-26819: Public XMR nodes should update to 'release-v0.18' branch until 0.18.4.0 is out (very soon)

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

Links:

• https://www.cvedetails.com/cve/CVE-2025-26819/
• https://farside.link/libreddit/r/Monero/comments/1iqpebc/
• https://seclists.org/oss-sec/2025/q1/133
• https://github.com/monero-project/monero/tree/release-v0.18

Author: anon

Contact: n/a

Note:

This is a free community message from anon.

Read the service announcement for more info.

Always DYOR and make use of reputable escrow services. I do not/can not verify anything. Report any suspicious messages.