Количество 2
Количество 2
CVE-2026-21874
NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting new connections - errors are logged but the app stays up with broken storage functionality. This issue has been patched in version 3.5.0.
GHSA-mp55-g7pj-rvm2
NiceGUI has Redis connection leak via tab storage causes service degradation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-21874 NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting new connections - errors are logged but the app stays up with broken storage functionality. This issue has been patched in version 3.5.0. | CVSS3: 5.3 | 0% Низкий | около 1 месяца назад |
| GHSA-mp55-g7pj-rvm2 NiceGUI has Redis connection leak via tab storage causes service degradation | CVSS3: 5.3 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу