Browse all 6 CVE security advisories affecting h3js. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33732 | srvx is vulnerable to middleware bypass via absolute URI in request line — srvxCWE-706 | 4.8 | Medium | 2026-03-26 |
| CVE-2026-33490 | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes — h3CWE-706 | 3.7 | Low | 2026-03-26 |
| CVE-2026-33131 | h3 has a middleware bypass with one gadget — h3CWE-290 | 7.4 | High | 2026-03-20 |
| CVE-2026-33129 | h3 has an observable timing discrepancy in basic auth utils — h3CWE-208 | 5.9 | Medium | 2026-03-20 |
| CVE-2026-33128 | h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields — h3CWE-93 | 7.5 | High | 2026-03-20 |
| CVE-2026-23527 | h3 v1 has Request Smuggling (TE.TE) issue — h3CWE-444 | 8.9 | High | 2026-01-15 |
This page lists every published CVE security advisory associated with h3js. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.