CVE-2026-40209

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

CVE-2026-40209 Denial of service via IXFR queries

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

CVE-2026-40209

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

EUVD-2026-39348

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

CVE-2026-40209

CVE-2026-40209 describes a denial-of-service risk where an attacker can send IXFR queries causing outgoing TCP connections to a backend to remain open until timeouts, potentially exhausting available file descriptors or hitting concurrent-connection limits. The core issue is a hang/linger conditi...

CVE-2025-10695

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...

PT-2025-40598

Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0 Description Two unauthenticated diagnostic endpoints permit arbitrary backend-initiated network connections to a destination specified by an attacker. These endpoints are accessible without authentication due to a...

CVE-2019-20445

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

CVE-2019-20444

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

CVE-2019-16869

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling. Mitigation Use HTTP/2 instead clear boundaries between requests Disable reuse of backend connections eg. http-reuse never in HAProxy or whateve...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...