In Qt through 5.14.1 the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).

🗓️ 01 Oct 2021 07:00:00Reported by MicrosoftType

Qt WebSocket up to 5.14.1 accepts 2GB frames and 2GB messages; limits cannot be changed, enabling memory denial of service.

Reporter	Title	Published	Views	Family All 42
Tenable Nessus	AlmaLinux 8 : qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : qt5-qtbase and qt5-qtwebsockets (CESA-2020:4690)	1 Feb 202100:00	–	nessus
Tenable Nessus	MiracleLinux 8 : qt5-qtbase-5.12.5-6.el8, qt5-qttools-5.12.5-2.el8, qt5-qtwebsockets-5.12.5-2.el8 (AXSA:2021-1450:01)	19 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.02 : qt5-qtwebsockets Vulnerability (NS-SA-2021-0085)	10 Mar 202100:00	–	nessus
Tenable Nessus	Oracle Linux 8 : qt5-qtbase / and / qt5-qtwebsockets (ELSA-2020-4690)	12 Nov 202000:00	–	nessus
Tenable Nessus	RHEL 8 : qt5-qtbase and qt5-qtwebsockets (RHSA-2020:4690)	4 Nov 202000:00	–	nessus
Tenable Nessus	RHEL 7 : qt5-qtwebsockets (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : qt5-qtwebsockets (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Rocky Linux 8 : qt5-qtbase and qt5-qtwebsockets (RLSA-2020:4690)	7 Nov 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2018-21035	4 Mar 202500:00	–	nessus

Vulners

Node

18 Feb 2026 22:24Current

7High risk

Vulners AI Score7

CVSS 25

CVSS 3.17.5

CVSS 38.6

EPSS0.00465