Medium severity5.3NVD Advisory· Published Jun 3, 2026· Updated Jun 15, 2026
CVE-2026-44545
CVE-2026-44545
Description
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:djangoproject:daphne:*:*:*:*:*:*:*:*range: <4.2.2
- (no CPE)range: <4.2.2
Patches
Vulnerability mechanics
References
1- github.com/django/daphne/blob/main/CHANGELOG.txtnvdRelease Notes
News mentions
0No linked articles in our index yet.