Security Advisory

CVE-2025-51846

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-30 16:35:59
Last updated 2026-04-30 17:15:30
Assigner cisa-cg
State PUBLISHED

Description

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.