PT-2026-51742 · Git · Curl
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-11586
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
By default, curl automatically responds to WebSocket PING frames. Because curl
lacks an upper bound on memory allocation for unacknowledged frames, a
malicious server can exhaust all available memory by flooding curl with rapid,
sequential PING messages.
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Curl