PatchSiren

smallnest CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH smallnest CVE published 2026-07-08

CVE-2026-59803

CVE-2026-59803 is a denial-of-service vulnerability in rpcx through 1.9.3. The issue is caused by a lack of size limitation during gzip decompression in the rpcx protocol. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. This can lead to out-of-memory conditions and service unavailability.