webtransport-go Unbounded Memory Consumption Vulnerability
Vulnerability
A memory exhaustion vulnerability exists in webtransport-go versions prior to 0.10.0. The issue arises because closed WebTransport streams are not removed from an internal session map, preventing garbage collection of their resources. This oversight allows an attacker to create and close a large number of streams, causing unbounded memory consumption.
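The leak pattern described above, as an added Go example that is not webtransport-go's own code: a constructed `session` type tracks streams in a map, and a hypothetical `cleanup` flag switches between never deleting closed streams and deleting them on `Close`. All type, field and function names here are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// session is a constructed, simplified model of a per-session stream registry.
type session struct {
	mu      sync.Mutex
	streams map[uint64]*stream
	nextID  uint64
	cleanup bool // false: closed streams stay in the map; true: removed on Close
}

type stream struct {
	id   uint64
	sess *session
	buf  []byte // stands in for per-stream state such as buffers
}

func (s *session) OpenStream() *stream {
	s.mu.Lock()
	defer s.mu.Unlock()
	st := &stream{id: s.nextID, sess: s, buf: make([]byte, 4096)}
	s.streams[st.id] = st
	s.nextID++
	return st
}

// Close must drop the map entry, or the map pins st.buf for the session's lifetime.
func (st *stream) Close() {
	st.sess.mu.Lock()
	defer st.sess.mu.Unlock()
	if st.sess.cleanup {
		delete(st.sess.streams, st.id) // hardened: the entry becomes collectable
	}
}

// churn opens and closes n streams and returns how many entries remain tracked.
func churn(cleanup bool, n int) int {
	s := &session{streams: make(map[uint64]*stream), cleanup: cleanup}
	for i := 0; i < n; i++ {
		s.OpenStream().Close()
	}
	return len(s.streams) // single goroutine here, so no lock is needed
}

func main() { fmt.Println(churn(false, 10000), churn(true, 10000)) }
```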
Impact
Exploitation of this vulnerability leads to excessive memory usage: closed streams accumulate in the internal session map and are never cleaned up, so the application consumes more memory over time.
Remediation
Users can upgrade to webtransport-go version 0.10.0 or later to address this vulnerability.
