CVE-2026-44545
EUVD-2026-3409103.06.2026, 14:16
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| djangoproject | daphne | 𝑥 < 4.2.2 |
𝑥
= Vulnerable software versions
Debian Releases