Vulnerabilities in h3js
6 resultsCVE-2026-23527HIGHh3 v1 has Request Smuggling (TE.TE) issueEPSS 0.6%CVE-2026-33128HIGHh3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream FieldsEPSS 0.5%CVE-2026-33131HIGHh3 has a middleware bypass with one gadgetEPSS 0.4%CVE-2026-33129MEDIUMh3 has an observable timing discrepancy in basic auth utilsEPSS 0.3%CVE-2026-33732MEDIUMsrvx is vulnerable to middleware bypass via absolute URI in request lineEPSS 0.2%CVE-2026-33490LOWh3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching RoutesEPSS 0.2%