CVE-2026-54464
Gravedad CVSS v4.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
17/07/2026
Última modificación:
17/07/2026
Descripción
*** Pendiente de traducción *** ### Impact<br />
<br />
If this library is used in tandem with the `permessage-deflate` extension, a<br />
WebSocket server or client can be made to accept messages that are larger than<br />
the configured maximum message size. This is because this limit is checked<br />
against the message frames&#39; length headers, which give the size of the<br />
compressed data, not the size after decompression. This can lead to applications<br />
accepting larger messages than expected and exceeding their intended resource<br />
usage.<br />
<br />
### Patches<br />
<br />
The issue has been patched in version 0.8.1, by checking the length of messages<br />
after they are processed by incoming extensions. All users should upgrade to<br />
this version.<br />
<br />
### Workarounds<br />
<br />
No known workarounds exist.<br />
<br />
### Acknowledgements<br />
<br />
This issue was discovered and reported by Pranjali Thakur, DepthFirst Security<br />
Research Team.
Impacto
Puntuación base 4.0
6.30
Gravedad 4.0
MEDIA



