CVE-2026-21438 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and c…
Medium CVSS: 5.3

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0.
Vendor
Quic-go
Product
Webtransport-go
CWE
CWE-401
Yayın Tarihi
2026-02-12 19:15:51
Güncelleme
2026-02-19 22:50:30
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-401 Webtransport-go MEDIUM Quic-go 2026

Referanslar

https://github.com/quic-go/webtransport-go/releases/tag/v0.10.0 https://github.com/quic-go/webtransport-go/security/advisories/GHSA-2f2x-8mwp-p2gc