{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6328", "assignerOrgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8", "state": "PUBLISHED", "assignerShortName": "alibaba", "dateReserved": "2026-04-15T02:43:22.187Z", "datePublished": "2026-04-15T03:18:10.428Z", "dateUpdated": "2026-04-15T03:18:10.428Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0cc2b86d-1d45-434d-ae74-11d09ec61ae8", "shortName": "alibaba", "dateUpdated": "2026-04-15T03:18:10.428Z"}, "title": "XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "CWE-347 Improper verification of cryptographic signature", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-272", "descriptions": [{"lang": "en", "value": "CAPEC-272 Protocol Manipulation"}]}], "affected": [{"vendor": "XQUIC Project", "product": "XQUIC", "platforms": ["Linux"], "collectionURL": "https://github.com", "packageName": "xquic", "repo": "https://github.com/alibaba/xquic", "modules": ["QUIC protocol implementation", "packet processing module", "STREAM frame handler"], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.8.3", "changes": [{"at": "1.9.0", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.<p>This issue affects XQUIC: through 1.8.3.</p>"}]}], "references": [{"url": "https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{}

{}

{}