A single wrong variable on one line in XQUIC, Alibaba's QUIC
and HTTP/3 library, lets any remote client crash the server with a
short burst of completely legal traffic. There is no patch. FoxIO
researcher Sébastien Féry disclosed the flaw on July
8 and nicknamed it XRING. He says it needs no login and no
malformed packets: about 260 bytes of ordinary QPACK traffic takes
the server
Read more https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html

