PT-2026-24691 · Quill · Quill

Opera-Aklajn · Published 2026-03-11 · Updated 2026-03-25 · CVE-2026-31960

CVSS v3.1: 5.3 Medium
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Quill versions prior to 0.7.1

Description: Quill, a tool for macOS binary signing and notarization, is susceptible to a denial-of-service condition. The issue stems from unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is normally prevented by HTTPS with proper TLS certificate validation. Environments with TLS-intercepting proxies, compromised certificate authorities, or other trust-boundary violations are, however, at risk. When processing HTTP responses, Quill reads the entire response body into memory without a size limit, so a server (or an on-path party able to rewrite responses) can send an arbitrarily large payload, leading to memory exhaustion and a crash of the Quill client. The impact is limited to availability, with no effect on confidentiality or integrity. Both the Quill CLI and library are affected when used for notarization operations.

Recommendations: Update to Quill version 0.7.1 or later.
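The weakness class described above (CWE "Allocation of Resources Without Limits") is easy to recognise in Go code, and the mitigation is a small change. The following is an added example written for this page; it is not Quill's code, and the cap value, the JSON field names and the `FetchNotaryStatus` helper are assumptions for illustration only. It shows the vulnerable pattern (`io.ReadAll` directly on `resp.Body`) next to a bounded reader that reads one byte past the cap so that it can reject an oversized body early instead of buffering it, and a demo against two constructed local servers, one well-behaved and one that streams a large body.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// ErrBodyTooLarge is returned when a response body exceeds the configured cap.
var ErrBodyTooLarge = errors.New("response body exceeds size limit")

// DefaultMaxBody is an assumed cap for notary API responses (not Quill's value).
// Status documents are small JSON, so 1 MiB is generous.
const DefaultMaxBody int64 = 1 << 20

// ReadBodyUnbounded mirrors the vulnerable pattern: io.ReadAll grows its buffer
// to whatever the peer sends, so a hostile response can exhaust client memory.
func ReadBodyUnbounded(r io.Reader) ([]byte, error) {
	return io.ReadAll(r)
}

// ReadBodyBounded reads at most max bytes. It asks for max+1 so it can tell
// "exactly max bytes" apart from "more than max bytes" without buffering the
// rest of the stream.
func ReadBodyBounded(r io.Reader, max int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > max {
		return nil, ErrBodyTooLarge
	}
	return data, nil
}

// NotaryStatus is a constructed stand-in for a notarization status document;
// the field names are illustrative, not Apple's schema.
type NotaryStatus struct {
	ID     string `json:"id"`
	Status string `json:"status"`
}

// FetchNotaryStatus performs a GET and decodes the JSON body under a size cap.
// This is a hypothetical helper, not an API of Quill.
func FetchNotaryStatus(client *http.Client, url string, max int64) (*NotaryStatus, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	body, err := ReadBodyBounded(resp.Body, max)
	if err != nil {
		return nil, err
	}
	var st NotaryStatus
	if err := json.Unmarshal(body, &st); err != nil {
		return nil, err
	}
	return &st, nil
}

// FillReader yields n bytes of 'A' without allocating them up front; it stands in
// for an oversized response body in the demo and tests (constructed input).
type FillReader struct{ Remaining int64 }

func (f *FillReader) Read(p []byte) (int, error) {
	if f.Remaining <= 0 {
		return 0, io.EOF
	}
	n := len(p)
	if int64(n) > f.Remaining {
		n = int(f.Remaining)
	}
	for i := 0; i < n; i++ {
		p[i] = 'A'
	}
	f.Remaining -= int64(n)
	return n, nil
}

func main() {
	// Constructed local servers: one well-behaved, one streaming a 16 MiB body.
	good := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `{"id":"sub-0001","status":"Accepted"}`)
	}))
	defer good.Close()
	huge := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.Copy(w, &FillReader{Remaining: 16 << 20})
	}))
	defer huge.Close()

	st, err := FetchNotaryStatus(good.Client(), good.URL, DefaultMaxBody)
	fmt.Println(st, err) // &{sub-0001 Accepted} <nil>
	_, err = FetchNotaryStatus(huge.Client(), huge.URL, DefaultMaxBody)
	fmt.Println(err) // response body exceeds size limit
}
```

The bounded reader stops after 1 MiB + 1 byte regardless of what the server intends to send, so the client's memory use is capped by a constant rather than by the peer. The same idea applies to any client that decodes untrusted responses: pick a limit from the expected document size, fail closed when it is exceeded, and keep the limit well below what the process can afford to lose.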

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2026-31960
GHSA-G32C-4PVP-769G
GO-2026-4672
SUSE-SU-2026:1042-1

Affected Products

Quill