Out-of-Bounds Write Vulnerability in Xquic Server on Linux
CVE-2026-1788

6.6MEDIUM

Key Information:

Vendor: Xquic Project
Status: Xquic Server
Vendor: CVE Published:; 3 February 2026

🔔 Create Xquic Project Vulnerability Alert

What is CVE-2026-1788?

The Xquic Server on Linux is affected by an out-of-bounds write vulnerability that can lead to buffer manipulation. This flaw exists within the QUIC protocol implementation’s packet processing module and can impact certain versions of the Xquic Server, specifically versions up to 1.8.3. This vulnerability poses a significant risk as it may allow attackers to exploit the affected server, leading to unpredictable behavior or potential system compromise. It’s crucial for users of the affected versions to apply necessary updates and security measures to mitigate this risk.

Affected Version(s)

Xquic Server Linux 0 <= 1.8.3

References

https://github.com/alibaba/xquic

CVSS V4

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Feb 3, 2026

CVE-2026-1788 Data

JSON