CVE-2024-39936 HIGH

CVE-2024-39936

Vendor N/A
Product n/a
Published July 4, 2024
Last update November 29, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N

What the vulnerability does

01Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Key dates

02Disclosure timeline

July 4, 2024 CVE published
November 29, 2025 Record updated