19 matches found

Vulnrichment
added 2026/05/12 9:46 p.m., 5 views

CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...

CVSS 7.5, AI score 5.8, EPSS 0.00084
Exploits: 0, References: 1
OSV
added 2026/05/06 9:20 p.m., 5 views

GHSA-VRG7-482J-P6F6 Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic

Summary: Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked. This is a single-request...

CVSS 7.5, AI score 5.9, EPSS 0.00084
Exploits: 0, References: 3
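The two Granian entries above describe a failure class rather than a logic bug: untrusted header bytes are converted to a string on a path that assumes ASCII, and the conversion failure escapes as a panic that kills the worker before any application code runs. The example below is an added illustration of that class and of the fix shape, written here in Python; it is not Granian's code (which is Rust and not shown on this page). The token character set is the RFC 7230 token rule that RFC 6455 requires of subprotocol names; the function names, the `HandshakeRejected` exception, the 400 status choice and the header values are constructed for the example.

```python
from __future__ import annotations

import string

# RFC 7230 "token" characters; RFC 6455 requires each subprotocol name to be a token.
TOKEN_CHARS = frozenset(string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~")


class HandshakeRejected(Exception):
    """Signals a malformed upgrade request that should become a 400, not a crash."""


def parse_subprotocols_fragile(raw: bytes) -> list[str]:
    """The failure pattern: the decode assumes the client sent ASCII.

    One byte >= 0x80 makes .decode() raise UnicodeDecodeError. If that escapes
    from scope construction, the worker dies before any application handler
    (and therefore before any authentication) runs.
    """
    return [p.strip() for p in raw.decode("ascii").split(",") if p.strip()]


def parse_subprotocols(raw: bytes) -> list[str]:
    """Hardened parser: every malformed input becomes HandshakeRejected."""
    if not raw.isascii():
        raise HandshakeRejected("non-ASCII byte in Sec-WebSocket-Protocol")
    protocols: list[str] = []
    for element in raw.decode("ascii").split(","):
        token = element.strip(" \t")
        if not token:
            continue  # empty list elements are tolerated by the HTTP list syntax
        if any(c not in TOKEN_CHARS for c in token):
            raise HandshakeRejected(f"invalid subprotocol token {token!r}")
        protocols.append(token)
    return protocols


def negotiate(raw: bytes | None, supported: frozenset[str]) -> tuple[str, object]:
    """Server side of subprotocol negotiation.

    Returns ("reject", 400) for a malformed header; otherwise ("accept", name)
    with the first offered protocol the server supports, or ("accept", None)
    when nothing matches (RFC 6455 lets the server proceed without selecting one).
    """
    if raw is None:
        return ("accept", None)
    try:
        offered = parse_subprotocols(raw)
    except HandshakeRejected:
        return ("reject", 400)
    for name in offered:
        if name in supported:
            return ("accept", name)
    return ("accept", None)


if __name__ == "__main__":
    # Constructed header values: one benign, one carrying a non-ASCII byte.
    benign = b"graphql-transport-ws, graphql-ws"
    hostile = b"graphql-ws, \xff"
    print(negotiate(benign, frozenset({"graphql-ws"})))   # ('accept', 'graphql-ws')
    print(negotiate(hostile, frozenset({"graphql-ws"})))  # ('reject', 400)
```

The check that matters is the one that happens before decoding: `bytes.isascii()` plus the token rule turns every hostile value into a controlled rejection, whereas the fragile version lets a single byte decide whether the process survives. The same test case (`b"graphql-ws, \xff"`) is a reasonable regression probe for any WebSocket server you operate: an unauthenticated client should get a 400, never a dropped connection from a dead worker.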
Cvelist
added 2026/04/07 3:58 p.m., 15 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connection_init handshake has been completed before...

CVSS 7.5, EPSS 0.00106
Exploits: 0, References: 1
CVE
added 2026/04/07 3:58 p.m., 5 views

CVE-2026-35523

CVE-2026-35523 affects Strawberry GraphQL up to version 0.312.3, where the legacy graphql-ws WebSocket subprotocol may bypass authentication on WebSocket subscription endpoints. The root cause is that the graphql-ws handshake (connection_init) is not verified before processing start/subscription ...

CVSS 7.5, AI score 5.9, EPSS 0.00106
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/07 3:58 p.m., 2 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connection_init handshake has been completed before...

CVSS 7.5, AI score 5.9, EPSS 0.00106
Exploits: 0, References: 1
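The three CVE-2026-35523 entries above share one root cause: the legacy graphql-ws handler served `start` operations without first requiring a completed `connection_init` handshake, which is where the application's authentication hook runs. The following is an added example of the state check that closes that gap, not Strawberry's handler. The message type names (`connection_init`, `connection_ack`, `start`, `stop`, `connection_terminate`, `data`, `complete`, `error`) are those of the legacy graphql-ws subprotocol; the close codes 4401/4403, the `check_credentials` stub, the `enforce_handshake` switch and the frames fed in are constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Close codes chosen for this example; the legacy graphql-ws protocol does not mandate them.
CLOSE_UNAUTHORIZED = (4401, "Unauthorized")
CLOSE_FORBIDDEN = (4403, "Forbidden")


@dataclass
class Connection:
    authenticated: bool = False               # set only after connection_init is accepted
    subscriptions: set[str] = field(default_factory=set)
    closed: tuple[int, str] | None = None


def check_credentials(payload: dict) -> bool:
    """Hypothetical credential check; a real handler validates a session or JWT here."""
    return payload.get("token") == "valid-token"


def handle_message(conn: Connection, msg: dict, enforce_handshake: bool = True) -> dict | None:
    """Process one client frame and return the server's reply frame, if any.

    enforce_handshake=False reproduces the vulnerable shape: operations are
    served whether or not a connection_init handshake was ever completed.
    """
    if conn.closed is not None:
        return None
    kind = msg.get("type")

    if kind == "connection_init":
        if check_credentials(msg.get("payload") or {}):
            conn.authenticated = True
            return {"type": "connection_ack"}
        conn.closed = CLOSE_FORBIDDEN
        return None

    if kind == "start":
        # The fix: refuse any operation on a connection that never completed the handshake.
        if enforce_handshake and not conn.authenticated:
            conn.closed = CLOSE_UNAUTHORIZED
            return None
        op_id = msg["id"]
        conn.subscriptions.add(op_id)
        # Stand-in for executing the subscription; returns its first data frame.
        return {"type": "data", "id": op_id, "payload": {"data": {"secret": "s3cr3t"}}}

    if kind == "stop":
        conn.subscriptions.discard(msg["id"])
        return {"type": "complete", "id": msg["id"]}

    if kind == "connection_terminate":
        conn.closed = (1000, "Normal Closure")
        return None

    return {"type": "error", "payload": {"message": f"unknown message type {kind!r}"}}


def run_session(frames: list[dict], enforce_handshake: bool = True) -> tuple[Connection, list[dict]]:
    """Feed a sequence of client frames through one connection and collect replies."""
    conn = Connection()
    replies: list[dict] = []
    for frame in frames:
        reply = handle_message(conn, frame, enforce_handshake)
        if reply is not None:
            replies.append(reply)
    return conn, replies


if __name__ == "__main__":
    # Constructed attack sequence: skip connection_init and send start directly.
    attack = [{"type": "start", "id": "1", "payload": {"query": "subscription { secret }"}}]
    conn, replies = run_session(attack, enforce_handshake=False)
    print("vulnerable:", replies)           # data frame served without any handshake
    conn, replies = run_session(attack)
    print("fixed:", conn.closed, replies)   # (4401, 'Unauthorized') []
```

The point of the `enforce_handshake` switch is that the two code paths are otherwise identical: authentication is not missing from the vulnerable version, it is simply never consulted on the `start` path. When auditing a WebSocket handler, the question to ask for every operation type is which connection state it requires, and whether that state can only be reached by passing the authentication hook.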
OSV
added 2026/01/21 12:00 p.m., 2 views

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

AI score 5.8
Exploits: 0, References: 2
Code423n4
added 2023/02/10 12:00 a.m., 8 views

Adding NFTs with AssociationType ORDERED or PRIMARY may cause overwriting

Risk rating: Medium Risk. Links to affected code. Impact: Subprotocol NFTs may be trapped in contract CidNFT forever. Proof of Concept: When adding an NFT to CidNFT with AssociationType ORDERED or PRIMARY, the cidData is written directly, without checking and handling the case that a previously added nft...

AI score 7
Exploits: 0
Code423n4
added 2023/02/03 12:00 a.m., 4 views

If no association type matched, user will end up paying fee for nothing

Lines of code. Vulnerability details. Impact: Users can add a new entry for the given subprotocol to the provided CID NFT. There are three possible association types (ordered, primary, active) that can be used to model different types of associations between the CID NFT and subprotocol. For...

AI score 6.7
Exploits: 0
Code423n4
added 2023/02/03 12:00 a.m., 6 views

CidNFT#add will break if _type is not passed in correctly

Lines of code. Vulnerability details. Impact: CIDNFT holders who want to add subprotocols to their NFT will not be able to anymore because the subprotocol NFT will be stuck in the CidNFT.sol contract. Proof of Concept: When a CIDNFT holder wants to add subprotocols to their NFT, he will call...

AI score 6.8
Exploits: 0
Code423n4
added 2023/02/03 12:00 a.m., 10 views

User may charge any amount of fees when registering a subprotocol

Lines of code. Vulnerability details. Impact: When registering a subprotocol, the user may enter any amount of fees. There are no checks implemented. Proof of Concept: The register function does not have a check for the fee. A limit may be imposed, otherwise a user can register a subprotocol with any...

AI score 7.1
Exploits: 0
Code423n4
added 2023/02/03 12:00 a.m., 7 views

Griefing risk in mint

Lines of code. Vulnerability details. Impact: CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...

AI score 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:00 a.m., 11 views

ERC721 safeTransferFrom is not enough to safeguard a subprotocol NFT

Lines of code. Vulnerability details. Proof of Concept: There is a safeguard mechanism to ensure that no transfers of the subprotocol NFT happen after said NFT is tied to the CID NFT. Without it, someone could transfer or even burn the subprotocol NFT while it is still associated. // The CID Protoco...

AI score 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:00 a.m., 13 views

An approved operator of a CID NFT owner can steal any subprotocol NFTs from the CID NFT owner and his other approved operators.

Lines of code. Vulnerability details. Impact: An approved operator of a CID NFT owner, if it becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT owner and his other approved operators. This is possible because: after...

AI score 6.9
Exploits: 0
Code423n4
added 2023/02/02 12:00 a.m., 4 views

Attacker can steal subprotocol NFT from user who uses mint and add

Lines of code. Vulnerability details. Impact: CidNFT.mintbytes allows users to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mints before the user's transaction. Additionally, CidNFT.add only check ...

AI score 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:00 a.m., 8 views

Fee can be transferred to the zero address during subprotocol registration

Lines of code. Vulnerability details. Impact: Every time a user registers a new subprotocol to the registry contract, the registry contract transfers the fee to the cidFeeWallet from the registrar. There is missing validation that the transfer should not go to the zero address. If no address has been set f...

AI score 6.8
Exploits: 0
seebug.org
added 2018/07/09 12:00 a.m., 82 views

EPoD: Ethereum Packet of Death (CVE-2018-12018)

PeckShield has so far discovered quite a few critical smart contract vulnerabilities. Besides smart contracts, the Ethereum ecosystem also includes other various components that are equally exposed to possible exploitation. Obviously, one such component is the core of Ethereum, i.e., the underlyi...

AI score 0.2, EPSS 0.1217
Exploits: 2
UbuntuCve
added 2018/03/05 3:29 p.m., 21 views

CVE-2018-0490

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted rel...

CVSS 7.5, AI score 7.2, EPSS 0.00816
Exploits: 0, References: 3
OSV
added 2018/03/05 3:29 p.m., 13 views

CVE-2018-0490

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted rel...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 3
Cvelist
added 2018/03/05 3:00 p.m., 16 views

CVE-2018-0490

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted rel...

AI score 7.2, EPSS 0.00816
Exploits: 0, References: 3