quinn-proto 0.11.12 in bridge/Cargo.lock vulnerable to CVE-2026-31812 (unauthenticated remote DoS) #1358

@dtjldamien

Summary

The bundled temporalio/bridge/Cargo.lock pins quinn-proto to v0.11.12, which is affected by CVE-2026-31812 — an unauthenticated remote DoS via panic in QUIC transport parameter parsing.

See: https://github.com/temporalio/sdk-python/blob/main/temporalio/bridge/Cargo.lock

Fix

Updating quinn-proto to >= 0.11.14 resolves the CVE.
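
An added example, not part of the issue or the project's code: a check that reports every quinn-proto entry in a Cargo.lock pinned below the 0.11.14 fix named above, including the case where the lockfile carries more than one version of the crate. The sample lockfile text and all function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (0, 11, 14)  # first fixed quinn-proto release, as stated in the issue

# Constructed sample in Cargo.lock layout (not the real bridge lockfile).
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "quinn"
version = "0.11.6"
dependencies = [
 "quinn-proto",
]

[[package]]
name = "quinn-proto"
version = "0.11.12"
'''

def locked_versions(lock_text, crate):
    """Return every version of `crate` pinned in Cargo.lock text."""
    versions = []
    for block in lock_text.split("[[package]]")[1:]:
        # Anchor at line start so entries in a dependencies list do not match.
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver and name.group(1) == crate:
            versions.append(ver.group(1))
    return versions

def parse_version(v):
    # Compare on major.minor.patch only; pre-release/build suffixes are dropped.
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    return tuple(int(p) for p in core.split("."))

def below_fix(lock_text, crate="quinn-proto", fixed=FIXED):
    """List pinned versions of `crate` that are older than `fixed`."""
    return [v for v in locked_versions(lock_text, crate) if parse_version(v) < fixed]

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = below_fix(text)
    print("quinn-proto below 0.11.14:", hits or "none")
    sys.exit(1 if hits else 0)
```

Run with the path to a lockfile as the only argument; the non-zero exit status makes it usable as a CI gate.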
