CVE-2026-40170 | ngtcp2 up to 1.22.0 ngtcp2_qlog_parameters_set_transport_params stack-based overflow (GHSA-f523-465f-8c8f)

A vulnerability classified as critical has been found in ngtcp2 up to 1.22.0. The affected element is the function ngtcp2_qlog_parameters_set_transport_params. This manipulation causes stack-based buffer overflow.

The identification of this vulnerability is CVE-2026-40170. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More