PT-2026-33006 · Xquic · Xquic

Published

2026-04-15

Updated

2026-06-08

CVE-2026-6328

CVSS v4.0

8.3

High

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions XQUIC versions prior to 1.8.3

Description Improper input validation and improper verification of cryptographic signatures in the QUIC protocol implementation, specifically within the packet processing module and STREAM frame handler modules, allow for protocol manipulation.

Recommendations Update to a version newer than 1.8.3.

Fix

RCE

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-347

Related Identifiers

CVE-2026-6328

Affected Products

Xquic

PT-2026-33006 · Xquic · Xquic

CVE-2026-6328

Weakness Enumeration

Related Identifiers

Affected Products

References · 5