{"vulnerability": "cve-2026-1215", "sightings": [{"uuid": "f602cc5a-d32e-4924-81ca-449e6dc42e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3moipe7e5is2g", "content": "\ud83d\udea8 High-severity security fix in undici (6.26.0, 7.28.0, 8.5.0) just released!\n\nPatches CVE-2026-12151. undici WebSocket client vulnerable to denial of service via fragment count bypass.\n\ngithub.com/nodejs/undic...", "creation_timestamp": "2026-06-17T16:12:44.124995Z"}, {"uuid": "a7890d05-e351-4c61-8983-fad9f13e9756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiyi3y4jq27", "content": "CVE-2026-12151 - undici WebSocket client vulnerable to denial of service via fragment count bypass\nCVE ID : CVE-2026-12151\n \n Published : June 17, 2026, 4:05 p.m. | 1\u00a0hour, 36\u00a0minutes ago\n \n Description : Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumul...", "creation_timestamp": "2026-06-17T18:55:58.300124Z"}, {"uuid": "5f4e36a0-89cc-452f-ac09-7d72efd1878e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/nodeland.dev/post/3mol72mtyb62f", "content": "\ud83d\udfe0 High: WebSocket DoS (CVE-2026-12151).\nA malicious server could send unlimited tiny/empty fragments. We capped total payload size but not fragment *count* \u2192 unbounded memory growth.\nAffects v6/v7/v8. No workaround \u2014 upgrade.", "creation_timestamp": "2026-06-18T15:59:01.750896Z"}, {"uuid": "a38268e6-ebc8-4406-a791-3d1054f352be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://gist.github.com/alon710/cb38e049872764207b2ad97489bbd503", "content": "# CVE-2026-12151: CVE-2026-12151: Denial of Service via Uncontrolled Fragment Buffering in Undici WebSocket Client\n\n&gt; **CVSS Score:** 7.5\n&gt; **Published:** 2026-06-19\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-12151\n\n## Summary\nA high-severity denial of service vulnerability in the undici WebSocket client (CVE-2026-12151) arises from uncontrolled memory consumption. Although undici validates individual fragment sizes against a cumulative payload limit, it fails to cap the total number of frames in a single message stream. This allows a rogue or compromised WebSocket server to send an infinite sequence of small or empty continuation frames, causing unbounded memory allocation and eventual heap exhaustion on the client process.\n\n## TL;DR\nThe undici WebSocket client does not limit the number of continuation frames per message, enabling a malicious server to crash the client process via heap exhaustion using infinite zero-byte fragments.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-400, CWE-770\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 7.5 (High)\n- **EPSS Score**: 0.00284 (Percentile: 19.97%)\n- **Impact**: Denial of Service (OOM Crash)\n- **Exploit Status**: PoC available, no active wild exploitation\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- undici WebSocket client\n- Node.js applications utilizing undici\n- **undici**: &gt;= 6.17.0 &lt; 6.26.0 (Fixed in: `6.26.0`)\n- **undici**: &gt;= 7.0.0 &lt; 7.28.0 (Fixed in: `7.28.0`)\n- **undici**: &gt;= 8.0.0 &lt; 8.5.0 (Fixed in: `8.5.0`)\n\n## Mitigation\n\n- Upgrade to patched undici releases\n- Limit client-side WebSocket connections to trusted domains\n- Deploy external process managers (such as systemd, PM2) with auto-restart policies\n\n**Remediation Steps:**\n1. Identify vulnerable undici installations via 'npm ls undici'\n2. Update dependency requirements in package.json to &gt;= 6.26.0, &gt;= 7.28.0, or &gt;= 8.5.0\n3. Execute 'npm install' or equivalent to apply the patch\n4. Verify correct resolution via 'npm ls undici' and redeploy\n\n## References\n\n- [GHSA-vxpw-j846-p89q](https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q)\n- [OpenJS Foundation Security Advisories](https://cna.openjsf.org/security-advisories.html)\n- [CVE-2026-12151 Record](https://www.cve.org/CVERecord?id=CVE-2026-12151)\n- [NVD - CVE-2026-12151](https://nvd.nist.gov/vuln/detail/CVE-2026-12151)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-12151) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T14:41:40.000000Z"}, {"uuid": "e8dc2d3b-3630-48d2-b987-4fa0ee649b3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3moxe4r6oca2m", "content": "\n\ud83d\udea8 New HIGH CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-12151 impacts undici in 1 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/578\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-23T12:01:38.704053Z"}, {"uuid": "8d7e75ae-629d-4607-a5ab-d50c2656be11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12158", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6qiao7w2r", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12158 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 RegistrationMagic \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/4111BB91-7F35-46F8-9B93-6E57DFAD5275", "creation_timestamp": "2026-07-01T09:18:33.141984Z"}, {"uuid": "8498b412-f5c5-40e1-87dd-b290bb63777a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12158", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgsm4ipy24", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12158 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 RegistrationMagic \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/201C9CD7-DD1A-4C00-88E1-08B9F9798876", "creation_timestamp": "2026-07-01T11:42:54.381609Z"}, {"uuid": "be89ba8f-c7bf-42cf-b2d9-9e10e367b633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12158", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpliug23bd26", "content": "CVE-2026-12158 - RegistrationMagic\nCVE ID : CVE-2026-12158\n \n Published : July 1, 2026, 7:53 a.m. | 3\u00a0hours, 53\u00a0minutes ago\n \n Description : The RegistrationMagic \u2013 User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions ...", "creation_timestamp": "2026-07-01T12:19:51.133681Z"}, {"uuid": "150996d9-27be-416e-a6ac-50142177fc64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12158", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mpmpz6pbik2f", "content": "CVE-2026-12158. RegistrationMagic. 8.8/10. An attacker hijacks admin accounts without touching a password. No auth needed. Update to 6.0.9.1 now. Scan: pulse-wp.com\n#WordPress #CSRF #CyberSecurity", "creation_timestamp": "2026-07-02T00:00:18.419655Z"}, {"uuid": "2235252a-c621-45d3-bfa9-288521110950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12154", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mpqcvpflhr2k", "content": "CVE-2026-12154 fb-reviews-widget (CVSS Score 6.4) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-07-03T10:16:21.810036Z"}]}