CVE-2026-43970: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-May
- Released
- 2026-05-21
- EPSS Score
- 0.18% (percentile: 39.7%)
Affected Products (1)
Open Source Software
- azl3 rabbitmq-server 3.13.7-3 on Azure Linux 3.0
Revision History
- 2026-05-21: Information published.