Back to CVE List

CVE-2026-11586

Vulnerability Description

By default, curl automatically responds to WebSocket PING frames. Because curl
lacks an upper bound on memory allocation for unacknowledged frames, a
malicious server can exhaust all available memory by flooding curl with rapid,
sequential PING messages.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
curl
Product
curl

External References

Discussion (0)

Add Comment

No comments yet. Be the first!