Lucene search
K

323 matches found

OSV
OSV
added 2026/03/12 9:16 p.m.3 views

DEBIAN-CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS7.5AI score0.00874EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 9:16 p.m.6 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS0.00874EPSS
Exploits0References23
OSV
OSV
added 2026/03/12 9:16 p.m.3 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/12 9:16 p.m.2 views

DEBIAN-CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS7.5AI score0.0115EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS0.0115EPSS
Exploits0References22
OSV
OSV
added 2026/03/12 9:16 p.m.3 views

UBUNTU-CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References2
OSV
OSV
added 2026/03/12 9:16 p.m.4 views

UBUNTU-CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS5.7AI score0.00874EPSS
Exploits0References2
CVE
CVE
added 2026/03/12 8:27 p.m.54 views

CVE-2026-2229

The CVE affects the undici WebSocket client. It arises from improper validation of the server_max_window_bits parameter in the permessage-deflate extension: isValidClientWindowBits() only checks ASCII digits and not the 8–15 range, and createInflateRaw() is not wrapped in a try-catch. A malicious...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References23Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/12 8:27 p.m.5 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/12 8:27 p.m.28 views

CVE-2026-2229 undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS0.00874EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/12 8:27 p.m.4 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS7.5AI score0.00874EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/12 8:8 p.m.4 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 8:8 p.m.6 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 8:8 p.m.73 views

CVE-2026-1526

undici WebSocket PerMessageDeflate.decompress() can accumulate decompressed data without a size limit, enabling a decompression bomb that may exhaust Node.js memory and crash or render the process unresponsive. The description specifies a denial-of-service via memory exhaustion. No remediation or...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References22Affected Software1
Debian CVE
Debian CVE
added 2026/03/12 8:8 p.m.10 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS7.5AI score0.0115EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/12 8:8 p.m.40 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS0.0115EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.8 views

undici 安全漏洞

Undici is an open-source HTTP/1.1 client developed by Node.js. Undici has a security vulnerability, which stems from improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. This vulnerability may lead to denial-of-service attacks...

7.5CVSS6.8AI score0.00874EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

undici 安全漏洞

Undici is an open-source HTTP/1.1 client developed by Node.js. Undici has a security vulnerability that stems from unlimited memory consumption during the decompression of permessage-deflate. This vulnerability could allow malicious WebSocket servers to send small compressed frames, causing the...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-25076

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 Description The undici WebSocket client is susceptible to a denial-of-service attack because of insufficient validation of the server max window bits parameter within the permessage-deflate extension. When a...

7.5CVSS6.7AI score0.00874EPSS
Exploits0References224
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25065

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 Description The undici WebSocket client is susceptible to a denial-of-service condition due to unrestricted memory usage during permessage-deflate decompression. When a WebSocket connection utilizes the...

7.5CVSS7.1AI score0.0115EPSS
Exploits0References226
Rows per page
Query Builder