FRIDAY, JULY 10, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

Unpatched XRING Flaw in Alibaba's XQUIC Lets Remote Clients Crash HTTP/3 Servers

By Meridian48 News Desk · Summarised from The Hacker News ·

A single variable error in Alibaba's XQUIC library allows any remote client to crash HTTP/3 servers with just 260 bytes of normal traffic. FoxIO researcher Sébastien Féry disclosed the flaw, named XRING, on July 8. No patch is available yet, and the attack requires no authentication or malformed packets.

Meridian48 take
The lack of a patch for a trivial-to-exploit flaw in a widely used library underscores the fragility of QUIC/HTTP/3 implementations.
Read the full reporting
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers →
The Hacker News
xquichttp3
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan