PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48779 websockets CVE debrief

A memory exhaustion DoS vulnerability was found in ws, an open source WebSocket client and server for Node.js. The vulnerability affects multiple version ranges: 1.1.0 up to (but not including) 5.2.5, 6.0.0 up to 6.2.4, 7.0.0 up to 7.5.11, and 8.0.0 up to 8.21.0. An attacker can cause a remote peer to allocate and hold structural wrappers that consume more memory than the default documented message-size limit, leading to process termination due to Out of Memory (OOM). This issue has significant operational impact, and defenders should review and apply patches or mitigations.

Vendor
websockets
Product
ws
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-07-07
Advisory published
2026-06-17
Advisory updated
2026-07-07

Who should care

Users of the ws WebSocket client and server for Node.js, particularly those using affected version ranges, should be aware of this vulnerability and take steps to mitigate it. This includes updating to patched versions (5.2.5, 6.2.4, 7.5.11, or 8.21.0) and monitoring for potential attacks. Operators, platform administrators, and security teams should review their deployments and apply necessary patches or mitigations.

Technical summary

The vulnerability is caused by the ability of a peer to send a high volume of exceptionally small fragments and data chunks, which can force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit. This can lead to process termination due to Out of Memory (OOM). The issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0. Affected users should update to patched versions and monitor for potential attacks.

Defensive priority

High

Recommended defensive actions

  • Update to patched versions (5.2.5, 6.2.4, 7.5.11, or 8.21.0)
  • Monitor for potential attacks
  • Implement network traffic monitoring to detect high volumes of small fragments and data chunks
  • Consider implementing compensating controls, such as rate limiting or IP blocking
  • Review and update incident response plans
  • Conduct vulnerability scanning and asset inventory
  • Implement source tracking and monitoring

Evidence notes

The CVE record was published on 2026-06-17T13:20:42.887Z and last modified on 2026-07-02T12:17:29.653Z. The NVD entry is currently Modified. The vulnerability affects multiple version ranges: 1.1.0 up to (but not including) 5.2.5, 6.0.0 up to 6.2.4, 7.0.0 up to 7.5.11, and 8.0.0 up to 8.21.0. Users should verify their deployments and apply patches or mitigations accordingly. The vulnerability is caused by a peer sending a high volume of exceptionally small fragments and data chunks, leading to memory exhaustion.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:20:42.887Z and has not been modified since then. The NVD entry is currently Modified.