CVE-2026-44545
CVE-2026-44545 affects daphne before 4.2.2. The issue arises because it did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn’s WebSocketServerFactory. Autobahn defaults these values to 0 (unlimited), enabling an unauthenticated remote attacker to send arbitrarily large WebSocket ...