#8
The Hacker News
general
July 10, 2026 at 11:47 UTC
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
By [email protected] (The Hacker News)
AI Summary
Researcher Sébastien Féry disclosed an unpatched denial-of-service flaw dubbed XRING in XQUIC, Alibaba's open-source QUIC and HTTP/3 library, which allows any unauthenticated remote client to crash an HTTP/3 server using approximately 260 bytes of valid QPACK traffic. No patch was available as of the July 8, 2026 disclosure, posing risk to any service built on XQUIC.
Relevance score: 72.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →