High severity7.5NVD Advisory· Published Apr 30, 2026· Updated May 4, 2026
CVE-2025-51846
CVE-2025-51846
Description
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
4- github.com/cryptpad/cryptpad/pull/2239/changes/1e0c06ad8a0c5dab795f85f9730ec2693320c62envdPatch
- github.com/JohnPerifanis/cryptpad-cve-2025-51846-advisory/blob/main/README.mdnvdExploitThird Party Advisory
- raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-119-01.jsonnvdThird Party Advisory
- www.cve.org/CVERecordnvdThird Party Advisory
News mentions
0No linked articles in our index yet.