PatchSiren

CRUX CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH CRUX CVE published 2026-06-06

CVE-2026-10725

CVE-2026-10725 is a HIGH severity vulnerability in Protocol::HTTP2, a Perl module that implements the HTTP/2 protocol. The vulnerability allows an HTTP/2 'bomb' attack, in which a small HTTP/2 request expands into a large amount of server memory. This is due to the lack of a header-list size limit in the inbound HPACK path and the unbounded appending of CONTINUATION frames to the per-stream buffer. The v [truncated]