CVE-2026-21435 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing…
Medium CVSS: 5.3

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operation to hang. This vulnerability is fixed in v0.10.0.
Vendor
Quic-go
Product
Webtransport-go
CWE
CWE-400
Yayın Tarihi
2026-02-12 19:15:51
Güncelleme
2026-02-19 22:51:49
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-400 Webtransport-go MEDIUM Quic-go 2026

Referanslar

https://github.com/quic-go/webtransport-go/releases/tag/v0.10.0 https://github.com/quic-go/webtransport-go/security/advisories/GHSA-px4r-g4p3-hhqv