Back to CVE List

CVE-2026-44217

MEDIUM SEVERITY

Vulnerability Description

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-93
Source
GitHub
Vendor
npm
Product
sse-channel

External References

Discussion (0)

Add Comment

No comments yet. Be the first!