VYPR

Webtransport Go

by Quic Go

Source repositories

CVEs (3)

  • CVE-2026-21438Feb 12, 2026
    risk 0.00cvss epss 0.00

    webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage…

  • CVE-2026-21435Feb 12, 2026
    risk 0.00cvss epss 0.00

    webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the…

  • CVE-2026-21434Feb 12, 2026
    risk 0.00cvss epss 0.00

    webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively large Application Error Message.…