{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T18:21:44.777","vulnerabilities":[{"cve":{"id":"CVE-2026-21435","sourceIdentifier":"security-advisories@github.com","published":"2026-02-12T19:15:51.503","lastModified":"2026-02-19T22:51:49.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operation to hang. This vulnerability is fixed in v0.10.0."},{"lang":"es","value":"webtransport-go es una implementación del protocolo WebTransport. Antes de la v0.10.0, un atacante puede causar una denegación de servicio en webtransport-go al impedir o retrasar indefinidamente el cierre de la sesión WebTransport. Un par malicioso puede retener el crédito de control de flujo QUIC en el flujo CONNECT, bloqueando la transmisión de la cápsula WT_CLOSE_SESSION y haciendo que la operación de cierre se cuelgue. Esta vulnerabilidad está corregida en la v0.10.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quic-go:webtransport-go:*:*:*:*:*:go:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"D64C55F6-7FB5-4D98-9E14-99F89DD9F3E4"}]}]}],"references":[{"url":"https://github.com/quic-go/webtransport-go/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/quic-go/webtransport-go/security/advisories/GHSA-px4r-g4p3-hhqv","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}