JohnPerifanis/cryptpad-cve-2025-51846-advisory

Releases0

Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-51846 ↗	Apr 30, 2026Thursday, 30 April 2026, 17:16	7.5 HIGH	—
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.