VYPR
Medium severity5.3NVD Advisory· Published Jun 3, 2026· Updated Jun 15, 2026

CVE-2026-44545

CVE-2026-44545

Description

daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Djangoproject/Daphnereferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:djangoproject:daphne:*:*:*:*:*:*:*:*range: <4.2.2
    • (no CPE)range: <4.2.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.