Daphne WebSocket Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Daphne versions prior to 4.2.2. The issue arises because Daphne did not impose limits on WebSocket message or frame sizes, allowing an unauthenticated remote attacker to send excessively large WebSocket messages or frames. This lack of restriction led to significant memory consumption on the server, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to excessive memory usage on the server, causing a denial-of-service condition where the server becomes unresponsive or unavailable.

Remediation

Users can upgrade to Daphne version 4.2.2 or later, where this vulnerability has been fixed. Instructions for updating can be found in the project's GitHub repository.
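
The kind of check whose absence is described under Vulnerability, as an added example that is not Daphne's code and not the 4.2.2 fix: it reads the declared payload length from an RFC 6455 frame header and rejects oversized frames and oversized fragmented messages before any payload is buffered. The names `parse_header` and `SizeGuard` and both limit values are assumptions chosen for illustration.

```python
MAX_FRAME_BYTES = 1 << 20     # assumed limit, not a Daphne default
MAX_MESSAGE_BYTES = 4 << 20   # assumed limit, not a Daphne default


class FrameTooLarge(Exception):
    """A single frame declares more payload than the per-frame limit."""


class MessageTooLarge(Exception):
    """Fragments of one message add up to more than the per-message limit."""


def parse_header(header):
    """Return (fin, opcode, declared_length) from RFC 6455 frame header bytes."""
    if len(header) < 2:
        raise ValueError("need at least 2 header bytes")
    fin, opcode = bool(header[0] & 0x80), header[0] & 0x0F
    length = header[1] & 0x7F               # top bit of byte 1 is the MASK flag
    ext = {126: 2, 127: 8}.get(length, 0)   # 16-bit or 64-bit extended length
    if len(header) < 2 + ext:
        raise ValueError("truncated extended length")
    if ext:
        length = int.from_bytes(header[2:2 + ext], "big")
    return fin, opcode, length


class SizeGuard:
    """Hypothetical per-connection guard that decides from headers alone."""

    def __init__(self, max_frame=MAX_FRAME_BYTES, max_message=MAX_MESSAGE_BYTES):
        self.max_frame, self.max_message = max_frame, max_message
        self.pending = 0   # payload bytes accepted for the message in progress

    def admit(self, header):
        fin, opcode, length = parse_header(header)
        if length > self.max_frame:
            raise FrameTooLarge(f"{length} > {self.max_frame}")
        if opcode >= 0x8:                   # control frame, not part of a message
            return length
        total = self.pending + length       # fragments count toward one message
        if total > self.max_message:
            raise MessageTooLarge(f"{total} > {self.max_message}")
        self.pending = 0 if fin else total
        return length
```

A per-frame limit alone is not enough: fragmentation lets many small frames add up to one large message, which is why the guard tracks both.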

Added: Jun 3, 2026, 2:38 PM
Updated: Jun 3, 2026, 2:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 9.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.