CVE-2026-34219HIGHCVSS 8.2fixed in 0.49.42026-03-31
CVE-2026-34219 [HIGH] CWE-190 CVE-2026-34219: libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to ve
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and
ghsanvdosv