Bug 2447145 (CVE-2026-1528) - CVE-2026-1528 undici: undici: Denial of Service via crafted WebSocket frame with large length
Summary: CVE-2026-1528 undici: undici: Denial of Service via crafted WebSocket frame w...
Keywords:
Status: NEW
Alias: CVE-2026-1528
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2447157 2447158 2447160 2447162
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-12 21:02 UTC by OSIDB Bzimport
Modified: 2026-04-14 06:52 UTC (History)
54 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:7080 0 None None None 2026-04-08 13:54:46 UTC
Red Hat Product Errata RHSA-2026:7123 0 None None None 2026-04-08 18:05:01 UTC
Red Hat Product Errata RHSA-2026:7302 0 None None None 2026-04-09 12:47:16 UTC
Red Hat Product Errata RHSA-2026:7310 0 None None None 2026-04-09 13:20:02 UTC
Red Hat Product Errata RHSA-2026:7350 0 None None None 2026-04-09 20:20:49 UTC
Red Hat Product Errata RHSA-2026:7670 0 None None None 2026-04-13 02:47:42 UTC
Red Hat Product Errata RHSA-2026:7675 0 None None None 2026-04-13 02:23:12 UTC
Red Hat Product Errata RHSA-2026:7983 0 None None None 2026-04-14 06:52:13 UTC

Description OSIDB Bzimport 2026-03-12 21:02:00 UTC 
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
Comment 3 errata-xmlrpc 2026-04-08 13:54:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7080 https://access.redhat.com/errata/RHSA-2026:7080
Comment 4 errata-xmlrpc 2026-04-08 18:04:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7123 https://access.redhat.com/errata/RHSA-2026:7123
Comment 5 errata-xmlrpc 2026-04-09 12:47:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7302 https://access.redhat.com/errata/RHSA-2026:7302
Comment 6 errata-xmlrpc 2026-04-09 13:19:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:7310 https://access.redhat.com/errata/RHSA-2026:7310
Comment 7 errata-xmlrpc 2026-04-09 20:20:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7350 https://access.redhat.com/errata/RHSA-2026:7350
Comment 8 errata-xmlrpc 2026-04-13 02:23:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7675 https://access.redhat.com/errata/RHSA-2026:7675
Comment 9 errata-xmlrpc 2026-04-13 02:47:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7670 https://access.redhat.com/errata/RHSA-2026:7670
Comment 11 errata-xmlrpc 2026-04-14 06:52:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:7983 https://access.redhat.com/errata/RHSA-2026:7983
Note You need to log in before you can comment on or make changes to this bug.