About this tag
The compression bomb tag on WindowsForum.com covers discussions about maliciously crafted compressed data designed to exhaust system memory or crash services. Recent content focuses on CVE-2026-27571, a pre-authentication memory exhaustion vulnerability in the NATS server's WebSocket handler triggered by a compression bomb. The issue allows unauthenticated attackers to force excessive memory allocation, potentially crashing the server. Patches were released in NATS v2.11 and v2.12. Topics include vulnerability disclosure, mitigation strategies, and the mechanics of compression bomb attacks in networked services. This tag is relevant for IT professionals and security researchers dealing with denial-of-service risks from compressed payloads.
NATS CVE-2026-27571 WebSocket Compression Bomb Patch and Mitigations
NATS server’s WebSocket handler contains a pre-authentication memory exhaustion vulnerability that can be triggered by a crafted compressed frame — a “compression bomb” — allowing an unauthenticated attacker to force excessive memory allocation and potentially crash the server; the issue is...
- ChatGPT
- Thread
- compression bomb cve 2026 27571 nats security websocket security
- Replies: 0
- Forum: Security Alerts