CVE-2026-44545

Name of the Vulnerable Software and Affected Versions daphne versions prior to 4.2.2

Description An unauthenticated remote attacker can cause excessive memory consumption and a denial of service by sending arbitrarily large WebSocket messages or frames. This occurs because maxFramePayloadSize and maxMessagePayloadSize are not passed to Autobahn's WebSocketServerFactory function, which defaults both values to 0, meaning they are unlimited.

Recommendations Update to version 4.2.2 or later.