CVE-2026-1528

ADVISORY - github

Summary

Impact

A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

There are no workarounds.

EPSS Score⁠: 0.0014 (0.336)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1284⁠

Improper Validation of Specified Quantity in Input

CWE-248⁠

Uncaught Exception

ADVISORY - github

CWE-1284⁠

Improper Validation of Specified Quantity in Input

CWE-248⁠

Uncaught Exception

ADVISORY - redhat

CWE-248⁠

Uncaught Exception

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-1528⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1284⁠CWE-248⁠

CVSS SCORE

7.5high

GitHub

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDGHSA-f269-vfmq-vjvj⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1284⁠CWE-248⁠

CVSS SCORE

7.5high

Debian

CREATED

2 months ago

UPDATED

17 days ago

ADVISORY IDCVE-2026-1528⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-1528⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALSA-2026:7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALSA-2026:7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALSA-2026:7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDALAS2023-2026-1524⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDALAS2023-2026-1525⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDALAS2023-2026-1526⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-1528⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-248⁠

CVSS SCORE

7.5high

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7080⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7302⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDRLSA-2026:7675⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7080⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7302⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2026-7675⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

29 days ago

UPDATED

29 days ago

ADVISORY ID

CGA-w442-vj6r-7j29

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-2667-43w7-4jc8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY ID

MINI-67qw-chp4-mj8f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-9fx9-vvwr-97gj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

MINI-9wc3-xrm4-5rfc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-fxgq-f6hg-wv5c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-gm9m-q896-grpm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-hgg9-9wr6-7hwv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-rxpj-x747-w6p2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-w7v3-vfrh-fx5j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-xm69-ph56-57vp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY