Vulnerability in H2o Quicly

CVE-2026-44434

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet entry validation. The QUIC protocol is…

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-44434?
CVE-2026-44434 is a medium-severity vulnerability in H2o Quicly, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.3/10. Published 2026-07-16.
How severe is CVE-2026-44434?
Medium severity. CVSS v3 base score is 5.3 out of 10.