Memory Buffer Issue in Socket.IO Framework Affecting Open Source Projects
CVE-2026-33151

8.7 HIGH

Key Information:

Vendor

Socketio

Status
Vendor
CVE Published:
20 March 2026

What is CVE-2026-33151?

Socket.IO, a widely used open-source framework for real-time event-based communication, is susceptible to a vulnerability that allows specially crafted packets to cause excessive memory consumption on the server. This issue can be exploited through the transmission of a large number of binary attachments, potentially leading to server failure or denial of service. The vulnerability has been addressed in versions 3.3.5, 3.4.4, and 4.2.6, highlighting the importance of updating to mitigate any risk. For further details, refer to the official security advisory.

Affected Version(s)

socket.io < 3.3.5

socket.io >= 3.4.0, < 3.4.4

socket.io >= 4.0.0, < 4.2.6

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
