CVE ID :CVE-2026-33129 Published : March 20, 2026, 9:41 a.m. | 24 minutes ago Description :H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison (!==). This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity protections. This issue is fixed in version 2.0.1-rc.9. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...