Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-11352
  • Haxx » Curl » Version: 8.18.0
    cpe:2.3:a:haxx:curl:8.18.0


Contact Us

Shodan ® - All rights reserved