SpirityCVE

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Nordvpn	Nordvpn

No data.

References

Link	Providers
https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe
https://nordvpn.com/
https://www.exploit-db.com/exploits/46343
https://www.vulncheck.com/advisories/nordvpn-denial-of-service-via-email-field-buffer-overflow

History

Mon, 23 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 21 Mar 2026 13:00:00 +0000

Type	Values Removed	Values Added
Description		NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.
Title		NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow
First Time appeared		Nordvpn Nordvpn nordvpn
Weaknesses		CWE-1260
CPEs		cpe:2.3:a:nordvpn:nordvpn:3.3.10:::::macos:: cpe:2.3:a:nordvpn:nordvpn:6.12.7.0:::::windows:: cpe:2.3:a:nordvpn:nordvpn:6.14.28.0:::::::* cpe:2.3:a:nordvpn:nordvpn:6.19.6:::::::*
Vendors & Products		Nordvpn Nordvpn nordvpn
References		https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe https://nordvpn.com/ https://www.exploit-db.com/exploits/46343 https://www.vulncheck.com/advisories/nordvpn-denial-of-service-via-email-field-buffer-overflow
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-21T12:47:11.466Z

Updated: 2026-03-23T15:38:06.456Z

Reserved: 2026-03-21T12:40:32.843Z

Link: CVE-2019-25572

Vulnrichment

Updated: 2026-03-23T15:38:01.912Z

NVD

Status : Awaiting Analysis

Published: 2026-03-21T13:16:21.200

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25572

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object