CVE-2026-6328

HIGH

XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

Title source: cna

Description

Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.

References (1)

https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84

View Patch ZIP pw:eip

Scores

CVSS v4 8.3

EPSS 0.0004

EPSS Percentile 12.8%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-20 CWE-347

Status published

Products (1)

XQUIC Project/XQUIC < 1.8.3

Published Apr 15, 2026

Tracked Since Apr 15, 2026