CVE-2026-6328 PUBLISHED

XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

Assigner: alibaba
Reserved: 15.04.2026 Published: 15.04.2026 Updated: 15.04.2026

Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.3

Product Status

Vendor XQUIC Project
Product XQUIC
Versions Default: unaffected
  • affected from 0 to 1.8.3 (incl.)

References

Problem Types

  • CWE-20 Improper input validation CWE
  • CWE-347 Improper verification of cryptographic signature CWE

Impacts

  • CAPEC-272 Protocol Manipulation