Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

undici — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting undici. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Undici is a Node.js HTTP/1.1 client library primarily used for making HTTP requests in server-side applications. Historically, it has been vulnerable to several remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure default configurations. The library has faced security incidents including path traversal vulnerabilities and request smuggling issues due to inconsistent header handling. While its core functionality is straightforward, undici's security track record shows recurring issues in request parsing and URL handling, requiring careful implementation and regular updates to mitigate risks.

Top products by undici: undici
CVE IDTitleCVSSSeverityPublished
CVE-2026-2229 undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation — undiciCWE-248 7.5 High2026-03-12
CVE-2026-1528 undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client — undiciCWE-248 7.5 High2026-03-12
CVE-2026-1527 undici is vulnerable to CRLF Injection via upgrade option — undiciCWE-93 4.6 Medium2026-03-12
CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS — undiciCWE-770 5.9 Medium2026-03-12
CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression — undiciCWE-409 7.5 High2026-03-12
CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') — undiciCWE-444 6.5 Medium2026-03-12

This page lists every published CVE security advisory associated with undici. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.