CVE-2026-21438 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-21438 Interim 1 1 2026-03-05T00:18:41Z current 2026-03-05T00:18:41Z 2026-03-05T00:18:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-21438 webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-March/024527.html E-Mail link for SUSE-SU-2026:0757-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0. CVE-2026-21438 moderate