HackerFeeds

CyberSecurity News

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

The Hacker News
· July 10, 2026

AI summary

A vulnerability in XQUIC, Alibaba's QUIC and HTTP/3 library, allows remote clients to crash HTTP/3 servers with a small amount of normal traffic. The issue, dubbed XRING, was disclosed by FoxIO researcher Sébastien Féry on July 8. It can be triggered by sending about 260 bytes of ordinary QPACK traffic, without requiring login or malformed packets. The flaw is due to a single incorrect variable on one line of code in XQUIC. Currently, there is no patch available for this vulnerability.

Read the full article at The Hacker Newsthehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.