// vulnerability record
cached · NVD via COSMOS sync
CVE-2026-11586
NONE
published 2026-07-03 07:16 UTC · 1 day ago
CVSS / 10
// description
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.