Use After Free in The Qt Company
CVE-2025-5991
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream…
Vulnerability class: Use-After-Free
EPSS: 0.001 (2.1th percentile) — read the EPSS interpretation.
Affected products
- The Qt Company — versions 0, 6.9.0, 6.9.1