An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
{ "urgency": "end-of-life" }
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42005.json"
{ "urgency": "not yet assigned" }