WebSocket Driver Library Vulnerability Affecting Faye's Ruby Implementation
CVE-2026-54464

6.3MEDIUM

Key Information:

Vendor

Faye

Vendor
CVE Published:
17 July 2026

What is CVE-2026-54464?

A vulnerability in the Faye WebSocket driver for Ruby allows servers or clients to process messages exceeding the configured maximum size. When used with the permessage-deflate extension, the length check on message frames uses compressed data sizes. This oversight can lead to resource exhaustion as applications may accept larger messages than intended. Users are strongly urged to upgrade to version 0.8.1, where this issue has been addressed with checks for message lengths post-decompression. Currently, no known workarounds exist.

Affected Version(s)

websocket-driver-ruby < 0.8.1

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.