CVE-2026-44434
Quicly (QUIC protocol implementation used with H2O HTTP server) was vulnerable to stateless reset injection before commit dccf5d4 due to lack of packet entry validation, allowing an on-path attacker to reset QUIC connections by exploiting zero-initialized secret-pattern slots. The issue has been ...