CVE-2026-7776: Boundary Workers Vulnerable to DoS During TLS Handshakes

/HIGH /CVSS 7.5/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-770
CVE-2026-7776: Boundary Workers Vulnerable to DoS During TLS Handshakes

The National Vulnerability Database has disclosed CVE-2026-7776, detailing a denial-of-service (DoS) vulnerability affecting Boundary Community Edition and Boundary Enterprise workers. This flaw stems from how Boundary workers handle TLS handshakes during node enrollment. An attacker with network access to the worker authentication listener can exploit this by initiating a connection and then deliberately delaying or withholding the client certificate.

This malicious delay causes the worker’s connection handling processes to block, preventing legitimate worker connections from being accepted or routed. The impact is a denial-of-service condition, rendering the Boundary deployment unable to function correctly. The National Vulnerability Database assigns this a CVSS score of 7.5 (HIGH), underscoring the severity of potential operational disruption.

Defenders leveraging Boundary must prioritize patching. The National Vulnerability Database confirms that this vulnerability is addressed in Boundary versions 0.21.3, 0.20.3, and 0.19.5. Immediate upgrade to a patched version is critical to mitigate the risk of attackers disrupting Boundary services.

What This Means For You

  • If your organization uses Boundary Community Edition or Boundary Enterprise, you are exposed to a high-severity denial-of-service attack. This isn't just a theoretical bug; it's a direct operational impact that can take your Boundary infrastructure offline. Check your Boundary worker versions immediately and prioritize upgrading to 0.21.3, 0.20.3, or 0.19.5 to patch CVE-2026-7776.

Related ATT&CK Techniques

T1499 Denial of Service Impact

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1499 Impact

CVE-2026-7776: Boundary Worker TLS Handshake DoS Attempt

Sigma YAML — free preview 
title: CVE-2026-7776: Boundary Worker TLS Handshake DoS Attempt
id: scw-2026-05-04-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7776 by targeting the Boundary worker enrollment TLS handshake. This rule looks for POST requests to the worker enrollment endpoint that result in a client error status, indicative of a potential DoS attempt by manipulating the TLS handshake, specifically by delaying or withholding the client certificate.
author: SCW Feed Engine (AI-generated)
date: 2026-05-04
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7776/
tags:
  - attack.impact
  - attack.t1499
logsource:
    category: webserver
detection:
  selection:
      cs-uri|startswith:
          - '/v1/worker/enroll'
      cs-method:
          - 'POST'
      sc-status:
          - '400'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-7776 DoS Boundary Community Edition and Boundary Enterprise workers
CVE-2026-7776 DoS Boundary versions prior to 0.21.3, 0.20.3, 0.19.5
CVE-2026-7776 DoS Vulnerable component: worker authentication listener during TLS handshakes

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 05, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-7782 — CodeCanyon Perfex CRM Vulnerability

CVE-2026-7782 — A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component...

vulnerabilityCVEmedium-severitycwe-285cwe-639
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-7781 — Open5GS Denial of Service

CVE-2026-7781 — A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-404
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

Amazon WorkSpaces Escalation: Local User to SYSTEM via Log Rotation

CVE-2026-7791 — Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a...

vulnerabilityCVEhigh-severityprivilege-escalationcwe-367
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 3 IOCs /⚙ 3 Sigma