CVE-2026-44697
CVE-2026-44697 describes a remote denial-of-service in Klever-Go where a peer can cause a receiving node to allocate multi-gigabytes of heap from a sub-50 KiB compressed gossip payload. The root cause is an unbounded gzip decompression in Batch.Decompress (Batch.Stream) via Batch.Decompress/Batch...