Security Advisory

CVE-2026-22904

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 07:40:00

Last updated 2026-02-09 15:34:53

Assigner CERTVDE

State PUBLISHED

Description

Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.

← Browse all CVEs View on cve.org ↗