JLSEC-2026-20

🗓️ 01 Apr 2026 15:14:44Reported by GoogleType

osv

osv🔗 osv.dev

Hyperium Hyper before 0.14.19 allows customization of the max_header_list_size in HTTP two, enabling attacks.

Reporter	Title	Published	Views	Family All 46
Tenable Nessus	Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2023-129)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2023-021)	22 Mar 202300:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: rpm-ostree (CVE-2022-31394)	3 Jul 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2023:1844-1)	15 Apr 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rustup (SUSE-SU-2023:2603-1)	23 Jun 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sccache (SUSE-SU-2023:3526-1)	6 Sep 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-rs (SUSE-SU-2024:0090-1)	12 Jan 202400:00	–	nessus
Amazon	Important: aws-nitro-enclaves-cli	22 Mar 202300:00	–	amazon
Amazon	Important: aws-nitro-enclaves-cli	21 Mar 202300:00	–	amazon
CBLMariner	CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-4	24 Mar 202323:57	–	cbl_mariner

Source	Link
github	www.github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
github	www.github.com/hyperium/hyper/issues/2826
github	www.github.com/hyperium/hyper/pull/2828
github	www.github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
github	www.github.com/hyperium/hyper/issues/2826
github	www.github.com/hyperium/hyper/pull/2828

01 Apr 2026 15:30Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.5

EPSS0.00348

SSVC

Hyperium Hyper http two attacks max header list size third party h2