105 matches found
Astra Linux - vulnerability in golang-golang-x-net, golang-1.15
In Go before 1.15.12 and 1.16.x before 1.16.4, net/http allowed remote attackers to cause a denial of service (panic) through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the object to close if ondemand_id < 0 in copen. If copen is called maliciously in user mode, it may delete the request corresponding to the random ID. Moreover, the request may not have been read yet. Note that when...
SUSE CVE-2026-43223
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex. When pvr2_send_request_ex submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete...
CVE-2026-43223
A flaw was found in the Linux kernel's pvrusb2 media driver. When the pvr2_send_request_ex function submits a write USB Request Block (URB) but fails to submit a read URB, the write URB remains active. A subsequent attempt to use this URB triggers a warning, which can lead to system instability or a...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req. This happens when called from SMB2_read while using rdma and reaching the rdma_readwrite_threshold...
CVE-2026-34062
CVE-2026-34062 affects the Nimiq libp2p integration. Before version 1.3.0, MessageCodec::read_request and read_response call read_to_end() on inbound substreams, allowing a remote peer to send only a partial frame and keep the substream open. Additionally, Behaviour::new sets with_max_concurrent_...
CVE-2026-39313
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...
CVE-2026-39313 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...
CVE-2026-39313
CVE-2026-39313 affects mcp-framework's HTTP transport (readRequestBody) where concatenation of request chunks has no size limit. Versions 0.2.21 and earlier are vulnerable; an unauthenticated remote attacker can crash an HTTP server by sending a single large POST to /mcp, causing memory exhaustio...
GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
Summary: The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details: File:...
Allocation of Resources Without Limits or Throttling
Overview: mcp-framework is a framework for building Model Context Protocol (MCP) servers in TypeScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the readRequestBody function. An attacker can exhaust system memory and cause a server...
PT-2026-33368
Name of the Vulnerable Software and Affected Versions: mcp-framework versions prior to 0.2.22. Description: The readRequestBody function in the HTTP transport concatenates request body chunks into a string without enforcing a size limit. Although a maxMessageSize configuration value exists, it is no...
MCP Framework security vulnerability
MCP Framework is a TypeScript framework developed by Alex Andru as a building block for context protocols. Versions of the MCP Framework prior to 0.2.21 contained security vulnerabilities. These vulnerabilities stemmed from the readRequestBody function in HTTP transmissions, which concatenated th...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005441 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path. In the cache missing code path o...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005009 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path. In the cache missing code path o...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46686)
The version of the kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46686 advisory. In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NU...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-003887)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003887 advisory. An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992899)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992899 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata i2037 (AM65x SR 1.0). Errata i2037 in AM65x/DRA80xM...