Skip to main content

Nghttp2

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-27135 HIGH POC PATCH This Week

nghttp2 before version 1.68.1 fails to properly validate internal state when session termination APIs are invoked, allowing an attacker to send a malformed frame that triggers an assertion failure and crashes the application. This denial of service vulnerability affects applications using the nghttp2 HTTP/2 library and can be triggered remotely without authentication or user interaction. No patch is currently available to remediate this issue.

Denial Of Service Nghttp2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27135
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

nghttp2 before version 1.68.1 fails to properly validate internal state when session termination APIs are invoked, allowing an attacker to send a malformed frame that triggers an assertion failure and crashes the application. This denial of service vulnerability affects applications using the nghttp2 HTTP/2 library and can be triggered remotely without authentication or user interaction. No patch is currently available to remediate this issue.

Denial Of Service Nghttp2
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy