CVE-2026-42788: HTTP/2 Frame Size Limit Bypass and Memory Exhaustion in Bandit

Vulnerability ID: CVE-2026-42788
CVSS Score: 6.9
Published: 2026-05-07

CVE-2026-42788 is a critical resource management vulnerability in the Bandit HTTP server for Elixir. The flaw exists within the HTTP/2 frame deserialization logic, where binary pattern matching defers size validation until after memory allocation. This allows an unauthenticated remote attacker to cause memory exhaustion and Denial of Service by transmitting oversized HTTP/2 frames.

TL;DR

Unauthenticated remote attackers can trigger Denial of Service in the Bandit Elixir HTTP server via memory exhaustion by sending oversized HTTP/2 frames, bypassing size limits due to deferred buffer validation in pattern matching.…
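
The difference between deferred and header-first size validation, as an added example that is not Bandit's code and not part of the original advisory. The module name FrameGuard, its function names and the "deferred" clause are assumptions that model the pattern the summary describes; the sample input is constructed.

```elixir
# Added illustration, not Bandit's source. FrameGuard and its functions are hypothetical names.
defmodule FrameGuard do
  # HTTP/2 frame header (RFC 9113): 24-bit length, 8-bit type, 8-bit flags,
  # 1 reserved bit, 31-bit stream identifier, then `length` bytes of payload.

  # Deferred validation (assumed shape of the flaw): this clause matches only
  # after the full payload is buffered, so the limit is checked too late.
  def parse_deferred(
        <<length::24, type::8, flags::8, _r::1, stream_id::31,
          payload::binary-size(length), rest::binary>>,
        max
      ) do
    if length > max do
      {:error, :frame_size_error}
    else
      {:ok, {type, flags, stream_id, payload}, rest}
    end
  end

  # Incomplete frame: the caller keeps appending socket data to the buffer.
  def parse_deferred(buffer, _max), do: {:more, buffer}

  # Header-first validation: reject as soon as the length field is readable,
  # before any payload bytes are accumulated.
  def parse(<<length::24, _::binary>>, max) when length > max,
    do: {:error, :frame_size_error}

  def parse(
        <<length::24, type::8, flags::8, _r::1, stream_id::31,
          payload::binary-size(length), rest::binary>>,
        _max
      ),
      do: {:ok, {type, flags, stream_id, payload}, rest}

  def parse(buffer, _max), do: {:more, buffer}
end

# Constructed input: a header declaring 1_000_000 bytes with 100 bytes received so far.
max = 16_384  # initial SETTINGS_MAX_FRAME_SIZE in RFC 9113
partial = <<1_000_000::24, 0::8, 0::8, 0::1, 1::31>> <> :binary.copy(<<0>>, 100)

# Print only the result tag of each parser for the same partial buffer.
IO.inspect(elem(FrameGuard.parse_deferred(partial, max), 0), label: "deferred")
IO.inspect(elem(FrameGuard.parse(partial, max), 0), label: "header-first")
```

With the deferred clause the connection buffer keeps growing until the declared length is met; the guarded clause lets the server answer with FRAME_SIZE_ERROR while only the header is in memory.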