{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-48779", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-22T20:18:20.365Z", "datePublished": "2026-06-16T21:26:22.537Z", "dateUpdated": "2026-06-30T02:41:33.319Z"}, "containers": {"cna": {"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"}, {"name": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7", "tags": ["x_refsource_MISC"], "url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"}, {"name": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53", "tags": ["x_refsource_MISC"], "url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"}, {"name": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94", "tags": ["x_refsource_MISC"], "url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"}, {"name": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8", "tags": ["x_refsource_MISC"], "url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"}], "affected": [{"vendor": "websockets", "product": "ws", "versions": [{"version": ">= 1.1.0, < 5.2.5", "status": "affected"}, {"version": ">= 6.0.0, < 6.2.4", "status": "affected"}, {"version": ">= 7.0.0, < 7.5.11", "status": "affected"}, {"version": ">= 8.0.0, < 8.21.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-16T21:26:22.537Z"}, "descriptions": [{"lang": "en", "value": "ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0."}], "source": {"advisory": "GHSA-96hv-2xvq-fx4p", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T18:07:28.748295Z", "id": "CVE-2026-48779", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T18:12:48.129Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:discovery:2::el9"], "defaultStatus": "affected", "product": "Red Hat Discovery 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:2.6::el8"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 2.6", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.0::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.0", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.1::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.1", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.2::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.3::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "defaultStatus": "affected", "product": "Cryostat 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:gatekeeper:3"], "defaultStatus": "affected", "product": "Gatekeeper 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhmt:1"], "defaultStatus": "affected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:workload_availability_nhc:0"], "defaultStatus": "affected", "product": "Node HealthCheck Operator", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_lightspeed"], "defaultStatus": "affected", "product": "OpenShift Lightspeed", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "defaultStatus": "affected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:apache_camel_hawtio:4"], "defaultStatus": "affected", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:podman_desktop:1"], "defaultStatus": "affected", "product": "Red Hat Build of Podman Desktop", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:podman_desktop:0"], "defaultStatus": "affected", "product": "Red Hat Build of Podman Desktop - Tech Preview", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:connectivity_link:1"], "defaultStatus": "affected", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "defaultStatus": "affected", "product": "Red Hat Data Grid 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhdh:1"], "defaultStatus": "affected", "product": "Red Hat Developer Hub", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "defaultStatus": "affected", "product": "Red Hat Fuse 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:hummingbird:1"], "defaultStatus": "affected", "product": "Red Hat Hardened Images", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4"], "defaultStatus": "affected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:quay:3"], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "defaultStatus": "affected", "product": "Red Hat Satellite 6", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_portal:2"], "defaultStatus": "affected", "product": "Self-service automation portal 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3"], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "defaultStatus": "unaffected", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat"}], "datePublic": "2026-06-16T21:26:22.537Z", "descriptions": [{"lang": "en", "value": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1050", "description": "Excessive Platform Resource Consumption within a Loop", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-48779"}, {"name": "RHBZ#2489661", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48779.json"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:29197"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33155"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33160"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33163"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33173"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33183"}], "solutions": [{"lang": "en", "value": "RHSA-2026:29197: Red Hat Discovery 2"}, {"lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"}, {"lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"}, {"lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"}, {"lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"}, {"lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"}], "timeline": [{"lang": "en", "time": "2026-06-16T22:01:24.571Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-16T21:26:22.537Z", "value": "Made public."}], "title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T02:41:33.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "source": {"advisory": "GHSA-96hv-2xvq-fx4p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "websockets", "product": "ws", "versions": [{"status": "affected", "version": ">= 1.1.0, < 5.2.5"}, {"status": "affected", "version": ">= 6.0.0, < 6.2.4"}, {"status": "affected", "version": ">= 7.0.0, < 7.5.11"}, {"status": "affected", "version": ">= 8.0.0, < 8.21.0"}]}], "references": [{"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "name": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7", "name": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53", "name": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94", "name": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8", "name": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-16T21:26:22.537Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-48779", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T18:07:28.748295Z"}}}], "references": [{"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-06-17T18:07:47.408Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-48779", "state": "PUBLISHED", "dateUpdated": "2026-06-16T21:26:22.537Z", "dateReserved": "2026-05-22T20:18:20.365Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-16T21:26:22.537Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments", "id": "2489661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1050", "details": ["ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.", "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-48779", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "cryostat/cryostat-openshift-console-plugin-rhel9", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "cryostat-openshift-console-plugin-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "grafana-infinity-datasource-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "ws", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Affected", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:rhmt:1", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Affected", "package_name": "workload-availability/node-healthcheck-must-gather-rhel9", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Affected", "package_name": "workload-availability/node-healthcheck-operator-bundle", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Affected", "package_name": "workload-availability/node-healthcheck-rhel9-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed/lightspeed-console-plugin-419-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed/lightspeed-console-plugin-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-console-plugin-pf5-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-console-plugin-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-console-plugin-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "ws", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "ansible-automation-platform-26/lightspeed-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-27/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "ansible-automation-platform-27/lightspeed-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Not affected", "package_name": "ws", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "ws", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "ws", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Affected", "package_name": "rh-podman-desktop.git", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Will not fix", "package_name": "rhdesktop/rh-podman-desktop-ext-bootc-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Will not fix", "package_name": "rhdesktop/rh-podman-desktop-ext-rhel-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Will not fix", "package_name": "rhdesktop/rh-podman-desktop-ext-sandbox-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Affected", "package_name": "rhcl-1/rhcl-console-plugin-rhel9", "product_name": "Red Hat Connectivity Link 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "ws", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:2::el9", "fix_state": "Affected", "package_name": "discovery/discovery-ui-rhel9", "product_name": "Red Hat Discovery 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet5.0-build-reference-packages", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-gaudi-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "thrift", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "ws", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "dotnet8.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "dotnet9.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "ruff", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "rust", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "yarnpkg", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "ws", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "ws", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-automl-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-autorag-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-eval-hub-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-maas-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mod-arch-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-ui-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-core-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-client-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/code-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-vulnerability-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Affected", "package_name": "rhtas/rekor-search-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/bootc-automation-portal-rhel9", "product_name": "Self-service automation portal 2"}], "public_date": "2026-06-16T21:26:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-48779\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-48779\nhttps://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7\nhttps://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53\nhttps://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\nhttps://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8\nhttps://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.1.0,5.2.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.0.0,6.2.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.5.11)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.21.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ws", "source": "cna", "vendor": "websockets"}, "product": "ws", "vendor": "websockets"}], "created": "2026-06-17T01:30:04.922274+00:00", "updated": "2026-06-24T10:45:03.167171+00:00", "vendors": ["websockets", "websockets$PRODUCT$ws"]}