Skip to main content

Protocol

2 CVEs product

Monthly

CVE-2026-10725 HIGH PATCH This Week

Denial of service in the Perl Protocol::HTTP2 module versions up to and including 1.12 lets remote unauthenticated attackers exhaust server memory by sending a small HTTP/2 request that expands massively during HPACK decoding (an 'HTTP/2 bomb'). The module advertises MAX_HEADER_LIST_SIZE in SETTINGS but never enforces it on decode, and version 1.12 made things worse by unbounded CONTINUATION-frame buffering. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but CPANSec has coordinated a vendor patch.

Information Disclosure Protocol Suse
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45289 MEDIUM PATCH This Month

Authentication bypass in CloudburstMC Protocol, the Minecraft Bedrock Edition protocol library, allows remote unauthenticated attackers to partially bypass token validation by exploiting incomplete checks in EncryptionUtils for FULL type authentication tokens. All versions prior to 3.0.0.Beta12-20260420.182526-15 are affected, impacting any publicly accessible software - such as Bedrock-compatible game servers - that depends on this library's auth payload validation logic. The CVSS vector (AV:N/AC:L/PR:N/UI:N/I:L) confirms low-complexity remote exploitation with limited integrity impact; no public exploit code or CISA KEV listing has been identified at time of analysis.

Authentication Bypass Protocol
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Perl Protocol::HTTP2 module versions up to and including 1.12 lets remote unauthenticated attackers exhaust server memory by sending a small HTTP/2 request that expands massively during HPACK decoding (an 'HTTP/2 bomb'). The module advertises MAX_HEADER_LIST_SIZE in SETTINGS but never enforces it on decode, and version 1.12 made things worse by unbounded CONTINUATION-frame buffering. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but CPANSec has coordinated a vendor patch.

Information Disclosure Protocol Suse
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Authentication bypass in CloudburstMC Protocol, the Minecraft Bedrock Edition protocol library, allows remote unauthenticated attackers to partially bypass token validation by exploiting incomplete checks in EncryptionUtils for FULL type authentication tokens. All versions prior to 3.0.0.Beta12-20260420.182526-15 are affected, impacting any publicly accessible software - such as Bedrock-compatible game servers - that depends on this library's auth payload validation logic. The CVSS vector (AV:N/AC:L/PR:N/UI:N/I:L) confirms low-complexity remote exploitation with limited integrity impact; no public exploit code or CISA KEV listing has been identified at time of analysis.

Authentication Bypass Protocol
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy