{"vulnerability": "CVE-2026-12151", "sightings": [{"uuid": "a7890d05-e351-4c61-8983-fad9f13e9756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiyi3y4jq27", "content": "CVE-2026-12151 - undici WebSocket client vulnerable to denial of service via fragment count bypass\nCVE ID : CVE-2026-12151\n \n Published : June 17, 2026, 4:05 p.m. | 1\u00a0hour, 36\u00a0minutes ago\n \n Description : Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumul...", "creation_timestamp": "2026-06-17T18:55:58.300124Z"}, {"uuid": "5f4e36a0-89cc-452f-ac09-7d72efd1878e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/nodeland.dev/post/3mol72mtyb62f", "content": "\ud83d\udfe0 High: WebSocket DoS (CVE-2026-12151).\nA malicious server could send unlimited tiny/empty fragments. We capped total payload size but not fragment *count* \u2192 unbounded memory growth.\nAffects v6/v7/v8. No workaround \u2014 upgrade.", "creation_timestamp": "2026-06-18T15:59:01.750896Z"}, {"uuid": "f602cc5a-d32e-4924-81ca-449e6dc42e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12151", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3moipe7e5is2g", "content": "\ud83d\udea8 High-severity security fix in undici (6.26.0, 7.28.0, 8.5.0) just released!\n\nPatches CVE-2026-12151. undici WebSocket client vulnerable to denial of service via fragment count bypass.\n\ngithub.com/nodejs/undic...", "creation_timestamp": "2026-06-17T16:12:44.124995Z"}]}