{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1528","assignerOrgId":"ce714d77-add3-4f53-aff5-83d477b104bb","state":"PUBLISHED","assignerShortName":"openjs","dateReserved":"2026-01-28T12:05:10.024Z","datePublished":"2026-03-12T20:21:57.775Z","dateUpdated":"2026-07-02T12:05:22.329Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ce714d77-add3-4f53-aff5-83d477b104bb","shortName":"openjs","dateUpdated":"2026-03-12T20:21:57.775Z"},"title":"undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-248","description":"CWE-248 Uncaught exception","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-1284","description":"CWE-1284 Improper validation of specified quantity in input","type":"CWE"}]}],"affected":[{"vendor":"undici","product":"undici","collectionURL":"https://github.com/nodejs/undici/","packageName":"undici","repo":"https://github.com/nodejs/undici/","versions":[{"status":"affected","version":">= 6.0.0 < 6.24.0; 7.0.0 < 7.24.0"},{"status":"unaffected","version":"6.24.0: 7.24.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.\n\nPatches\n\nPatched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.","supportingMedia":[{"type":"text/html","base64":false,"value":"<h3><span>Impact</span></h3><p>A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.<br><br><b>Patches<br></b><br>Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.<br></p><br>"}]}],"references":[{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"},{"url":"https://hackerone.com/reports/3537648"},{"url":"https://cna.openjsf.org/security-advisories.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"credits":[{"lang":"en","value":"Matteo Collina","type":"remediation reviewer"},{"lang":"en","value":"Ulises Gascón","type":"remediation developer"}],"source":{"advisory":"GHSA-f269-vfmq-vjvj","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-13T13:03:59.738320Z","id":"CVE-2026-1528","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-13T13:04:57.048Z"}},{"affected":[{"cpes":["cpe:/a:redhat:cryostat:4::el9"],"defaultStatus":"affected","product":"Cryostat 4 on RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"defaultStatus":"affected","product":"Cluster Observability Operator 1.5.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.16::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.28","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Pipelines 1.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_lightspeed"],"defaultStatus":"affected","product":"OpenShift Lightspeed","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1"],"defaultStatus":"affected","product":"Red Hat Developer Hub","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_portal:2"],"defaultStatus":"affected","product":"Self-service automation portal 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"}],"datePublic":"2026-03-12T20:21:57.775Z","descriptions":[{"lang":"en","value":"A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-248","description":"Uncaught Exception","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-1528"},{"name":"RHBZ#2447145","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447145"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17789"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7310"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7080"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7675"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7123"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7670"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7983"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7302"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7350"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34342"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5807"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21931"}],"solutions":[{"lang":"en","value":"RHSA-2026:17789: Cryostat 4 on RHEL 9"},{"lang":"en","value":"RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:34342: Cluster Observability Operator 1.5.0"},{"lang":"en","value":"RHSA-2026:9742: Red Hat Developer Hub 1.8"},{"lang":"en","value":"RHSA-2026:13826: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:5807: Red Hat OpenShift AI 2.16"},{"lang":"en","value":"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"},{"lang":"en","value":"RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"}],"timeline":[{"lang":"en","time":"2026-03-12T21:01:36.954Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-12T20:21:57.775Z","value":"Made public."}],"title":"undici: undici: Denial of Service via crafted WebSocket frame with large length","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-02T12:05:22.329Z"}}]}}