XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets_CVE-2026-6328

8.3 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.

Basic Information

ID CVE-2026-6328

Source alibaba

Published Apr 15, 2026 at 03:18

Affected Product

Vendor XQUIC Project

Product XQUIC

Affected Versions XQUIC Project XQUIC 0

CWE Classification

CWE-20 CWE-347

References

github.com /alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84

{
    "lastseen": "",
    "description": "Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.",
    "published": "2026-04-15T03:18:10.428Z",
    "modified": "2026-04-15T03:18:10.428Z",
    "type": "cve",
    "title": "XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets",
    "source": "alibaba",
    "references": "https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84",
    "id": "CVE-2026-6328",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "XQUIC Project XQUIC 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "XQUIC",
    "version": "0",
    "vendor": "XQUIC Project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}