CVE-2026-10740
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before version 1.8.2 may allow an unauthenticated remote actor to cause a denial of service by sending crafted QUIC Initial packets.
Risk Assessment
The organization may experience degraded availability of services, leading to disruptions in system operations.
Recommendation
It is recommended to upgrade to version 1.8.2 to remediate this vulnerability.
Original NVD description (English source)
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2.

