PatchSiren

Quic Go Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Quic Go Project CVE published 2026-06-04

CVE-2026-40898

CVE-2026-40898 is a denial-of-service (DoS) vulnerability in quic-go's HTTP/3 client and server implementations. An attacker can cause excessive memory allocation by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. This can lead to memory or other resource exhaustion and potentially cause crashes. The vulnerability [truncated]