CVE-2026-6328 HIGH

CVE-2026-6328: XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

Vendor Xquic Project
Product XQUIC
Weakness CWE-20 · Input validation
Published April 15, 2026
Last update April 15, 2026
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.

Key dates

02Disclosure timeline

April 15, 2026 CVE published
April 15, 2026 Record updated