CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks

Technical details for CVE-2026-48779 are not publicly available in the provided documents. Monitor for updates from the listed sources; the initial description includes affected versions and fixes, but no further technical specifics are provided here.

GHSA-96HV-2XVQ-FX4P ws: Memory exhaustion DoS from tiny fragments and data chunks

Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process...

ws: Memory exhaustion DoS from tiny fragments and data chunks

Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process...

PT-2026-49552

Name of the Vulnerable Software and Affected Versions ws versions 1.1.0 through 5.2.4 ws versions 6.0.0 through 6.2.3 ws versions 7.0.0 through 7.5.10 ws versions 8.0.0 through 8.20.9 Description ws is an open source WebSocket client and server for Node.js. A peer can send a high volume of...