VYPR
High severity7.5NVD Advisory· Published Apr 30, 2026· Updated May 4, 2026

CVE-2025-51846

CVE-2025-51846

Description

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Cryptpad/Cryptpadreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:xwiki:cryptpad:*:*:*:*:*:*:*:*range: >=2025.3.1,<2026.2.2
    • (no CPE)range: =2025.3.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.