WebSocket Protocol Handler Vulnerability in websocket-driver by Faye
CVE-2026-54490
6.3MEDIUM
What is CVE-2026-54490?
The websocket-driver library, used for handling WebSocket protocols, contains an issue where the permessage-deflate extension allows servers and clients to accept messages exceeding the configured maximum size. This occurs because the library incorrectly checks the size limit against the lengths of compressed data frames rather than the decompressed message size, potentially leading to significant increases in resource consumption during message processing. This vulnerability has been addressed in version 0.7.5.
Affected Version(s)
websocket-driver-node < 0.7.5
