Memory Buffer Issue in Socket.IO Framework Affecting Open Source Projects
CVE-2026-33151
8.7HIGH
What is CVE-2026-33151?
Socket.IO, a widely used open-source framework for real-time event-based communication, is susceptible to a vulnerability that allows specially crafted packets to cause excessive memory consumption on the server. This issue can be exploited through the transmission of a large number of binary attachments, potentially leading to server failure or denial of service. The vulnerability has been addressed in versions 3.3.5, 3.4.4, and 4.2.6, highlighting the importance of updating to mitigate any risk. For further details, refer to the official security advisory.
Affected Version(s)
socket.io < 3.3.5 < 3.3.5
socket.io >= 3.4.0, < 3.4.4 < 3.4.0, 3.4.4
socket.io >= 4.0.0, < 4.2.6 < 4.0.0, 4.2.6
