Vendor
A memory exhaustion vulnerability, CVE-2026-62389, exists in the 'ws' WebSocket library versions prior to 8.21.1, allowing attackers to exhaust server memory via incomplete fragmented WebSocket messages and cause denial of service.