Medium4.3Red Hat Linux Updated
Denial of Service via malformed headers
CVE-2026-14631 Published Jul 3, 2026Updated by vendor Jul 3, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Denial of Service via malformed headers. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-248.
Fixed versions
- 5.2.5
- 5.2.6
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- webpack-dev-server should never be exposed to untrusted networks. By default, it binds to localhost only. Users who run webpack-dev-server during development should ensure it remains bound to localhost and upgrade to version 5.2.6 or later, which fixes the malformed header handling.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.