Home / Jul 12, 2026 / Story
0
#8 The Hacker News general July 10, 2026 at 11:47 UTC

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

By [email protected] (The Hacker News)

AI Summary

Researcher Sébastien Féry disclosed an unpatched denial-of-service flaw dubbed XRING in XQUIC, Alibaba's open-source QUIC and HTTP/3 library, which allows any unauthenticated remote client to crash an HTTP/3 server using approximately 260 bytes of valid QPACK traffic. No patch was available as of the July 8, 2026 disclosure, posing risk to any service built on XQUIC.

Relevance score: 72.0/100

# More from July 12