CVE-2026-11586
Vulnerability Description
By default, curl automatically responds to WebSocket PING frames. Because curl
lacks an upper bound on memory allocation for unacknowledged frames, a
malicious server can exhaust all available memory by flooding curl with rapid,
sequential PING messages.
lacks an upper bound on memory allocation for unacknowledged frames, a
malicious server can exhaust all available memory by flooding curl with rapid,
sequential PING messages.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
curl
Product
curl
Discussion (0)
Add Comment
No comments yet. Be the first!