PT-2026-41307 · Npm+1 · Ws+1

Osidb Bzimport

·

Published

2026-05-12

·

Updated

2026-07-10

·

CVE-2026-45736

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions ws versions prior to 8.20.1
Description ws is an open source WebSocket client and server for Node.js. The websocket.close() function is susceptible to uninitialized memory disclosure, which occurs when a TypedArray is provided as the reason argument.
Recommendations Update to version 8.20.1.

Exploit

Fix

DoS

Use of Uninitialized Resource

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-09331
CVE-2026-45736
GHSA-58QX-3VCG-4XPX
RHSA-2026:27171
RHSA-2026:7655

Affected Products

Confluence
Ws