CWE-409
Improper Handling of Highly Compressed Data (Decompression Bomb)
MITRE: No catalog description on file. The MITRE CWE site has the canonical reference.
CVEs (total): 2
Severity distribution: Critical 0, High 1, Medium 0, Low 0
Recent CVEs
showing 2 of 2
- CVE-2026-10725 · High · 7.5 · EPSS 0% · 3 d ago
Protocol::HTTP2 versions before 1.13 for Perl are vulnerable to an HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The heade
- CVE-2026-49755 · — · EPSS 0% · 3 d ago
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipel
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.