
5271 matches found

ATTACKERKB
added 2026/04/30 5:33 a.m., 3 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.2 | EPSS 0.00125
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/04/30 5:33 a.m., 9 views

CVE-2026-6869

CVE-2026-6869 affects the WebSocket protocol dissector in Wireshark, specifically versions 4.6.0–4.6.4 and 4.4.0–4.4.14, where an improper control of sequential memory allocation leads to a denial-of-service crash. The vulnerability is tied to the WebSocket dissector component and results in ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00125
Exploits: 1 | References: 2 | Affected Software: 1

AlpineLinux
added 2026/04/30 5:33 a.m., 4 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/30 5:33 a.m., 3 views

CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.2 | EPSS 0.00125
Exploits: 1 | References: 2

Debian CVE
added 2026/04/30 5:33 a.m., 1 view

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.3 | EPSS 0.00125
Exploits: 1

CNNVD
added 2026/04/30 12:0 a.m., 7 views

CryptPad Security Vulnerability

CryptPad is an open-source collaboration suite developed by CryptPad. Version 2025.3.1 of CryptPad contains a security vulnerability caused by unlimited WebSocket frame flooding, which could allow remote unauthenticated attackers to significantly degrade or deny services to all users...

CVSS 8.7 | AI score 5.8 | EPSS 0.00578
Exploits: 1 | References: 1

UbuntuCve
added 2026/04/30 12:0 a.m., 3 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/30 12:0 a.m., 8 views

PT-2026-36127

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

CVSS 8.7 | AI score 5.2 | EPSS 0.00578
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/30 12:0 a.m., 3 views

PT-2026-36077

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4; Wireshark versions 4.4.0 through 4.4.14. Description: A crash in the WebSocket protocol dissector allows for a denial of service. Recommendations: At the moment, there is no information about a newer version...

CVSS 8.8 | AI score 6.1 | EPSS 0.0034
Exploits: 43 | References: 50

Tenable Nessus
added 2026/04/30 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-6869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-6869 Note that Nessus relies on the presenc...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 1 | References: 4

Snyk
added 2026/04/29 9:17 p.m., 2 views

Missing Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Missing Authorization via the /chat WebSocket endpoint when authentication is set to None and a workflow execution is in a waiting state. An attacker can gain unauthorized access to workflow...

CVSS 6.5 | AI score 6 | EPSS 0.00383
Exploits: 1 | References: 2

GitHub Security Blog
added 2026/04/29 9:17 p.m., 11 views

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

Impact The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state cou...

CVSS 6.5 | AI score 6 | EPSS 0.00383
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/04/29 9:17 p.m., 2 views

GHSA-F77H-J2V7-G6MW n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

Impact The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state cou...

CVSS 6.3 | AI score 6 | EPSS 0.00383
Exploits: 1 | References: 3

OSV
added 2026/04/29 7:10 a.m., 3 views

CLSA-2026-1777446601 Fix CVE(s): CVE-2020-13935

SECURITY UPDATE: denial of service via crafted WebSocket frame with a 64-bit payload length whose most significant bit is set. The extended payload length read in WsFrameBase.processRemainingHeader was assembled into a Java long without validation. With bit 63 set the value became negative, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.87553
Exploits: 1 | References: 1

Tenable Nessus
added 2026/04/29 12:0 a.m., 6 views

TencentOS Server 4: nodejs20 (TSSA-2026:0186)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0186 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.8 | AI score 7.7 | EPSS 0.00641
Exploits: 0 | References: 5

ICS
added 2026/04/29 12:0 a.m., 3 views

CryptPad unbounded WebSocket frame flood

RISK EVALUATION CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. 2. RECOMMENDED PRACTICES Upgrade to 2026.2.2. 3. DESCRIPTION CryptPad 2025.3.1 allows unbounded WebSocket...

CVSS 8.7 | AI score 5.3 | EPSS 0.00578
Exploits: 1 | References: 1

Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-015475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015475 advisory. A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload...

CVSS 4.8 | AI score 5.2 | EPSS 0.00257
Exploits: 0 | References: 4

NVD
added 2026/04/28 7:37 p.m., 2 views

CVE-2026-42421

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

CVSS 5.4 | EPSS 0.00186
Exploits: 0 | References: 3

NVD
added 2026/04/28 7:37 p.m., 3 views

CVE-2026-41399

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

CVSS 8.7 | EPSS 0.00318
Exploits: 0 | References: 2

NVD
added 2026/04/28 7:37 p.m., 0 views

CVE-2026-41400

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

CVSS 7.5 | EPSS 0.00532
Exploits: 0 | References: 3