CVE-2026-45736

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

Vulnerability Details

Published Date

May 15, 2026

Last Modified

May 19, 2026

CWE ID

CWE-908

Source

NVD

Vendor

websockets

Product

External References

https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086
https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx

CVE-2026-45736

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment