Vulnerability in H2o Quicly
CVE-2026-44434
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet entry validation. The QUIC protocol is…
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- H2o Quicly — versions < dccf5d4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-44434?
- CVE-2026-44434 is a medium-severity vulnerability in H2o Quicly, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.3/10. Published 2026-07-16.
- How severe is CVE-2026-44434?
- Medium severity. CVSS v3 base score is 5.3 out of 10.