We are pleased to announce the releases of Suricata 8.0.3 and 7.0.14.
These are security releases, fixing a number of important issues.
Get the releases here:
8.0.3: https://www.openinfosecfoundation.org/download/suricata-8.0.3.tar.gz
7.0.14: https://www.openinfosecfoundation.org/download/suricata-7.0.14.tar.gz
Notable Changes
Various security, performance, accuracy, and stability issues have been fixed.
- 8.0.3 tickets: 8.0.3 - Suricata - Open Information Security Foundation
- 7.0.14 tickets: 7.0.14 - Suricata - Open Information Security Foundation
CVE IDs Addressed:
| CVE | Severity (OISF) | Severity (CVSS 3.1) | Affected Version(s) | Ticket(s) |
|---|---|---|---|---|
| CVE-2026-22260 | HIGH | HIGH | 8.0.x only | 8186 |
| CVE-2026-22263 | HIGH | MODERATE | 8.0.x only | 8202 |
| CVE-2026-22258 | CRITICAL | HIGH | 8.0.x and 7.0.x | 8197, 8198 |
| CVE-2026-22259 | HIGH | HIGH | 8.0.x and 7.0.x | 8199, 8200 |
| CVE-2026-22261 | MODERATE | LOW | 8.0.x and 7.0.x | 8157, 8209 |
| CVE-2026-22262 | HIGH | MODERATE | 8.0.x and 7.0.x | 8111, 8112 |
| CVE-2026-22264 | HIGH | HIGH | 8.0.x and 7.0.x | 8191, 8192 |
Severity scores defined by OISF and CVSS may vary due to how assess and evaluate impact. While CVSS has a more generic view on vulnerabilities and will penalize any network-related issues, for instance, OISF considers Suricata context as the baseline (thus, as example, affecting the network isn’t taken into account).
Suricata Security Policies: Security Policy · OISF/suricata · GitHub
Suricata Security Advisories: Security Advisories · OISF/suricata · GitHub
OISF Signing key updated
The OISF signing key has been recently updated to have a later expiration date. It is the same key as before, but users will need to refresh it:
gpg --receive-keys 2BA9C98CCDF1E93A
It can also be downloaded from: https://www.openinfosecfoundation.org/downloads/OISF.pub
Using Signing Keys: 29. Verifying Suricata Source Distribution Files — Suricata 8.0.2 documentation
Special Thanks
Brandon Murphy, Chris Wakelin, Giuseppe Longo, Ivan Kapranov, Jamie Lavigne, Jason Taylor, Jesse Lepich, Jhonny Sousa, Jun Yuan, Min-Gyu Jeon, Pierre Chifflier, QianKai Lin, Rajkumar, Sam Mohammad, shmilyGit, Xiangwei Zhang of Tencent Security YUNDING LAB, Outreachy, OSS-Fuzz, Coverity.
For contributing patches, reporting bugs or otherwise helping keep Suricata code secure.
News from SuriCon
Our community conference last November, 2025 in Montreal was exciting and inspiring. The call for talks for SuriCon Lisbon 2026 should open in February, don’t miss out!
Meanwhile, for a summary of the conference, pics and a list of the talks and their recordings, check SuriCon 2025 | Montreal – SURICON .
About Suricata
Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. Open-source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.
Newsletter
Stay up-to-date with latest events, webinars and happenings in our community: sign up for Suricata’s quarterly newsletter: https://newsletter.suricata.io/