{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T05:41:49.180","vulnerabilities":[{"cve":{"id":"CVE-2026-21438","sourceIdentifier":"security-advisories@github.com","published":"2026-02-12T19:15:51.677","lastModified":"2026-02-19T22:50:30.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0."},{"lang":"es","value":"webtransport-go es una implementación del protocolo WebTransport. Antes de la versión 0.10.0, un atacante podía causar un consumo de memoria ilimitado creando y cerrando repetidamente muchas transmisiones WebTransport. Las transmisiones cerradas no se eliminaban de un mapa de sesión interno, lo que impedía la recolección de basura de sus recursos. Esta vulnerabilidad está corregida en la v0.10.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-401"},{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quic-go:webtransport-go:*:*:*:*:*:go:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"D64C55F6-7FB5-4D98-9E14-99F89DD9F3E4"}]}]}],"references":[{"url":"https://github.com/quic-go/webtransport-go/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/quic-go/webtransport-go/security/advisories/GHSA-2f2x-8mwp-p2gc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}