Product

Undici (Versions 7.0.0 Through 7.27.x)

1 brief RSS

undici WebSocket Client Vulnerable to Denial of Service (CVE-2026-12151)

The `undici` WebSocket client is vulnerable to CVE-2026-12151, a high-severity denial of service attack where a malicious WebSocket server can stream numerous small continuation frames that bypass `maxPayloadSize` checks, causing unbounded memory growth and exhaustion in affected client processes.

undici +2 denial-of-service vulnerability javascript npm nodejs

2r 1t 1d ago