GHSA-VXPW-J846-P89Q undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

CVE-2026-47124

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability in the ArtifactReady WebSocket messages. Unsanitized path components in artifact_name (and download_path) allow a malicious build server to write arbitrary content to any location writable by the running process, potentially overwritin...

PT-2026-48626

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications using the WebSocket...

USN-8417-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

PT-2026-48352

Name of the Vulnerable Software and Affected Versions ESF-IDF version 5.2.6 ESF-IDF version 5.3.5 ESF-IDF version 5.4.4 ESF-IDF version 5.5.4 ESF-IDF version 6.0 Description A NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp http server component. During th...

CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

Generation of Predictable Numbers or Identifiers

Overview org.springframework:spring-websocket is a framework that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers ...

CVE-2026-46544

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

PT-2026-45491

Summary Vitest browser mode served / vitest test / with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vite...

EUVD-2026-33353

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

PT-2026-44937

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

CVE-2026-46544

Technical details beyond the provided CVE description are not publicly available in the supplied documents. Monitor for updates from the referenced UFO advisory and CVE entry.

PT-2026-44122

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software accepts client-supplied session id values in WebSocket task messages and reuses...

Malicious code in logger-draft (npm)

Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...