PatchSiren cyber security CVE debrief
CVE-2026-48779 websockets CVE debrief
A memory exhaustion DoS vulnerability was found in ws, an open source WebSocket client and server for Node.js. The vulnerability affects multiple version ranges: 1.1.0 up to (but not including) 5.2.5, 6.0.0 up to 6.2.4, 7.0.0 up to 7.5.11, and 8.0.0 up to 8.21.0. An attacker can cause a remote peer to allocate and hold structural wrappers that consume more memory than the default documented message-size limit, leading to process termination due to Out of Memory (OOM). This issue has significant operational impact, and defenders should review and apply patches or mitigations.
- Vendor
- websockets
- Product
- ws
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-07-07
Who should care
Users of the ws WebSocket client and server for Node.js, particularly those using affected version ranges, should be aware of this vulnerability and take steps to mitigate it. This includes updating to patched versions (5.2.5, 6.2.4, 7.5.11, or 8.21.0) and monitoring for potential attacks. Operators, platform administrators, and security teams should review their deployments and apply necessary patches or mitigations.
Technical summary
The vulnerability is caused by the ability of a peer to send a high volume of exceptionally small fragments and data chunks, which can force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit. This can lead to process termination due to Out of Memory (OOM). The issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0. Affected users should update to patched versions and monitor for potential attacks.
Defensive priority
High
Recommended defensive actions
- Update to patched versions (5.2.5, 6.2.4, 7.5.11, or 8.21.0)
- Monitor for potential attacks
- Implement network traffic monitoring to detect high volumes of small fragments and data chunks
- Consider implementing compensating controls, such as rate limiting or IP blocking
- Review and update incident response plans
- Conduct vulnerability scanning and asset inventory
- Implement source tracking and monitoring
Evidence notes
The CVE record was published on 2026-06-17T13:20:42.887Z and last modified on 2026-07-02T12:17:29.653Z. The NVD entry is currently Modified. The vulnerability affects multiple version ranges: 1.1.0 up to (but not including) 5.2.5, 6.0.0 up to 6.2.4, 7.0.0 up to 7.5.11, and 8.0.0 up to 8.21.0. Users should verify their deployments and apply patches or mitigations accordingly. The vulnerability is caused by a peer sending a high volume of exceptionally small fragments and data chunks, leading to memory exhaustion.
Official resources
-
CVE-2026-48779 CVE record
CVE.org
-
CVE-2026-48779 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Patch, Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:20:42.887Z and has not been modified since then. The NVD entry is currently Modified.