CVE-2026-6328

HIGH

XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

Title source: cna

Description

Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.

References (1)

Core 1

Core References

https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84

View Patch ZIP pw:eip

Scores

CVSS v4 8.3

EPSS 0.0020

EPSS Percentile 9.7%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20 CWE-347

Status published

Products (1)

XQUIC Project/XQUIC < 1.8.3

Published Apr 15, 2026

Tracked Since Apr 15, 2026