Undici

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-2581 MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici Redhat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22036 MEDIUM PATCH This Month

Undici versions up to 7.18.0 is affected by allocation of resources without limits or throttling (CVSS 5.9).

Node.js Undici Redhat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-2581
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici +1
NVD GitHub VulDB
CVE-2026-22036
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Undici versions up to 7.18.0 is affected by allocation of resources without limits or throttling (CVSS 5.9).

Node.js Undici Redhat +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy