What is CVE-2026-48779?

CVE-2026-48779 is a high-severity vulnerability in Websockets Ws, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-06-17.

How severe is CVE-2026-48779?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Websockets Ws

CVE-2026-48779

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vul…

Vulnerability class: DoS (Denial of Service)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Websockets Ws — versions >= 1.1.0, < 5.2.5, >= 6.0.0, < 6.2.4, >= 7.0.0, < 7.5.11

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-48779?: CVE-2026-48779 is a high-severity vulnerability in Websockets Ws, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-06-17.
How severe is CVE-2026-48779?: High severity. CVSS v3 base score is 7.5 out of 10.