PT-2026-2113 · Redis+1 · Redis+1

Yudelevi · Published 2026-01-08 · Updated 2026-01-08 · CVE-2026-21874

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NiceGUI versions 2.10.0 through 3.4.1

Description

NiceGUI is a Python-based UI framework. An unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are not released, leading to service degradation when Redis reaches its connection limit. NiceGUI continues accepting new connections, but errors are logged and storage functionality is broken.

Recommendations

Upgrade to version 3.5.0 or later.
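
A monitoring check for the condition described above, as an added example that is not part of the advisory or of NiceGUI: it parses Redis `CLIENT LIST` output and reports long-idle connections per client host against the `maxclients` limit (readable with `CONFIG GET maxclients`). The sample output, the one-hour idle threshold and the 80% warning ratio are assumptions.

```python
from collections import Counter

# Constructed sample of `CLIENT LIST` output; ids, addresses and timings are invented.
SAMPLE_CLIENT_LIST = """\
id=11 addr=10.0.0.5:40112 fd=8 name= age=5400 idle=5390 flags=N db=0 cmd=get
id=12 addr=10.0.0.5:40118 fd=9 name= age=5100 idle=5095 flags=N db=0 cmd=set
id=13 addr=10.0.0.5:40130 fd=10 name= age=4800 idle=4790 flags=N db=0 cmd=get
id=14 addr=10.0.0.5:40144 fd=11 name= age=12 idle=1 flags=N db=0 cmd=get
id=15 addr=10.0.0.9:51200 fd=12 name= age=30 idle=2 flags=N db=0 cmd=client|list
"""


def parse_client_list(text):
    """Turn CLIENT LIST text into one dict of field -> value per connection."""
    clients = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Each token is key=value; values may be empty (e.g. "name=").
        clients.append(dict(tok.split("=", 1) for tok in line.split() if "=" in tok))
    return clients


def connection_report(text, maxclients, idle_threshold=3600, warn_ratio=0.8):
    """Summarise connection pressure and long-idle (possibly unreleased) connections.

    idle_threshold (seconds) and warn_ratio are assumed values; tune them to
    the deployment. Unreleased connections show up under the application
    server's address, since that host holds the Redis sockets.
    """
    clients = parse_client_list(text)
    stale = [c for c in clients if int(c.get("idle", 0)) >= idle_threshold]
    # Drop the port so connections are grouped per client host.
    by_host = Counter(c["addr"].rsplit(":", 1)[0] for c in stale if "addr" in c)
    utilisation = len(clients) / maxclients
    return {
        "connected": len(clients),
        "stale": len(stale),
        "stale_by_host": dict(by_host),
        "utilisation": round(utilisation, 2),
        "alert": utilisation >= warn_ratio,
    }


if __name__ == "__main__":
    # maxclients=6 is an artificially low limit so the sample crosses the threshold.
    print(connection_report(SAMPLE_CLIENT_LIST, maxclients=6))
```

A stale count that keeps growing for the application host while user traffic is flat is the pattern to alert on before Redis reaches its connection limit.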

Exploit

Fix

Weakness Enumeration

Missing Release of Resource after Effective Lifetime

Related Identifiers

CVE-2026-21874
GHSA-MP55-G7PJ-RVM2

Affected Products

NiceGUI
Redis