Search criteria
2 vulnerabilities by Xquic Project
CVE-2026-6328 (GCVE-0-2026-6328)
Vulnerability from cvelistv5 – Published: 2026-04-15 03:18 – Updated: 2026-04-15 16:13
VLAI
Title
XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets
Summary
Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| XQUIC Project | XQUIC |
Affected:
0 , ≤ 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:47:01.676715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:13:31.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"modules": [
"QUIC protocol implementation",
"packet processing module",
"STREAM frame handler"
],
"packageName": "xquic",
"platforms": [
"Linux"
],
"product": "XQUIC",
"repo": "https://github.com/alibaba/xquic",
"vendor": "XQUIC Project",
"versions": [
{
"changes": [
{
"at": "1.9.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.\u003cp\u003eThis issue affects XQUIC: through 1.8.3.\u003c/p\u003e"
}
],
"value": "Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3."
}
],
"impacts": [
{
"capecId": "CAPEC-272",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-272 Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper verification of cryptographic signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:18:10.428Z",
"orgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8",
"shortName": "alibaba"
},
"references": [
{
"url": "https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8",
"assignerShortName": "alibaba",
"cveId": "CVE-2026-6328",
"datePublished": "2026-04-15T03:18:10.428Z",
"dateReserved": "2026-04-15T02:43:22.187Z",
"dateUpdated": "2026-04-15T16:13:31.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1788 (GCVE-0-2026-1788)
Vulnerability from cvelistv5 – Published: 2026-02-03 03:22 – Updated: 2026-02-03 17:18
VLAI
Title
Buffer Overflow in Xquic Server
Summary
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/alibaba/xquic |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Xquic Project | Xquic Server |
Affected:
0 , ≤ 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T17:17:50.280981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T17:18:06.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"modules": [
"QUIC protocol implementation",
"packet processing module"
],
"packageName": "xquic",
"platforms": [
"Linux"
],
"product": "Xquic Server",
"repo": "https://github.com/alibaba/xquic",
"vendor": "Xquic Project",
"versions": [
{
"changes": [
{
"at": "1.9.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.\u003cp\u003eThis issue affects Xquic Server: through 1.8.3.\u003c/p\u003e"
}
],
"value": ": Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3."
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123: Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T03:22:48.256Z",
"orgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8",
"shortName": "alibaba"
},
"references": [
{
"url": "https://github.com/alibaba/xquic"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in Xquic Server",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8",
"assignerShortName": "alibaba",
"cveId": "CVE-2026-1788",
"datePublished": "2026-02-03T03:22:48.256Z",
"dateReserved": "2026-02-03T03:04:55.808Z",
"dateUpdated": "2026-02-03T17:18:06.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}