mtrudel CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH mtrudel CVE published 2026-05-13

CVE-2026-39806

CVE-2026-39806 is a high-severity denial-of-service issue in mtrudel Bandit. A flaw in chunked request parsing can leave a worker process stuck in a loop when a valid chunked body includes trailer fields, allowing unauthenticated remote attackers to consume workers until the server stops responding. The issue is fixed in Bandit 1.11.1.

HIGH mtrudel CVE published 2026-05-13

CVE-2026-39803

CVE-2026-39803 is an unauthenticated remote denial-of-service issue in mtrudel Bandit. A chunked HTTP/1 request body can bypass the intended request-size limit, causing Bandit to buffer the full body and potentially exhaust memory before a 413 response can be issued.