PT-2026-24465 · Quinn · Quinn

Revofusion · Published 2026-03-09 · Updated 2026-05-11 · CVE-2026-31812

CVSS v4.0: 8.7 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Quinn versions prior to 0.11.14

Description

A remote, unauthenticated attacker can cause a denial of service in applications using vulnerable Quinn versions by sending a specially crafted QUIC Initial packet containing malformed QUIC transport parameters. The issue occurs because attacker-controlled variable-length integers (varints) are decoded using unwrap(), and truncated encodings lead to a panic. This is exploitable over the network with a single packet and requires no prior trust or authentication.

Recommendations

Update to version 0.11.14 or later.
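
The failure mode in the description, as an added example that is not Quinn's code: a varint decoder for the RFC 9000 encoding, the unwrap() pattern that panics on a truncated encoding, and a parser that returns an error instead. All function and type names are hypothetical, the byte strings are constructed samples, and the (id, length, value) framing of transport parameters is taken from RFC 9000 rather than from this page.

```rust
// Added example: all names are hypothetical; this is not Quinn's code.
#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated }

// Constructed samples: two well-formed parameters, then one whose length varint is cut short.
const WELL_FORMED: [u8; 8] = [0x01, 0x02, 0x7b, 0xbd, 0x03, 0x02, 0x44, 0xb0];
const TRUNCATED: [u8; 2] = [0x01, 0x40];

/// Decode one QUIC varint and advance `buf`; None if the buffer ends mid-encoding.
fn read_varint(buf: &mut &[u8]) -> Option<u64> {
    let data = *buf;
    let first = *data.first()?;
    let len = 1usize << (first >> 6); // 2-bit prefix selects 1, 2, 4 or 8 bytes
    if data.len() < len {
        return None;
    }
    let mut value = u64::from(first & 0x3f);
    for &b in &data[1..len] {
        value = (value << 8) | u64::from(b);
    }
    *buf = &data[len..];
    Some(value)
}

/// Pattern the advisory describes: unwrap() on peer-controlled bytes panics on truncation.
fn param_header_unwrap(mut buf: &[u8]) -> (u64, u64) {
    (read_varint(&mut buf).unwrap(), read_varint(&mut buf).unwrap())
}

/// Hardened form: every decode and length check returns an error to the caller.
fn parse_params(mut buf: &[u8]) -> Result<Vec<(u64, Vec<u8>)>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let id = read_varint(&mut buf).ok_or(ParseError::Truncated)?;
        let len = read_varint(&mut buf).ok_or(ParseError::Truncated)?;
        if (buf.len() as u64) < len {
            return Err(ParseError::Truncated); // declared length exceeds remaining bytes
        }
        let (value, rest) = buf.split_at(len as usize);
        out.push((id, value.to_vec()));
        buf = rest;
    }
    Ok(out)
}

fn main() {
    println!("{:?}", parse_params(&WELL_FORMED));
    println!("{:?}", parse_params(&TRUNCATED));
}
```

With the error returned as a value, the caller can reject the handshake for that one peer while the process keeps serving other connections.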

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2026-31812
GHSA-6XVM-J4WR-6V98
OPENSUSE-SU-2026:10380-1
OPENSUSE-SU-2026:10382-1
OPENSUSE-SU-2026:10383-1
OPENSUSE-SU-2026:10384-1
OPENSUSE-SU-2026:20569-1
RUSTSEC-2026-0037
SUSE-RU-2026:1001-1
SUSE-SU-2026:1337-1
SUSE-SU-2026:1415-1
SUSE-SU-2026:21357-1

Affected Products

Quinn