PatchSiren

libp2p CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH libp2p CVE published 2026-06-10

CVE-2026-46679

CVE-2026-46679 is a HIGH severity vulnerability in libp2p's gossipsub. Prior to version 15.0.23, three cooperating omissions allow a single unauthenticated peer to exhaust the Node.js heap of any gossipsub node running with default options. This issue has been patched in version 15.0.23.

HIGH libp2p CVE published 2026-06-10

CVE-2026-45783

CVE-2026-45783 is a HIGH severity vulnerability in libp2p, a JavaScript implementation of the libp2p networking stack. An unauthenticated remote peer can exhaust a @libp2p/kad-dht node's disk storage by sending an unbounded stream of PUT_VALUE messages with crafted keys, making the node unavailable. This issue was patched in version 16.2.6.