Security Advisory
CVE-2025-51846
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.