{"vulnerability": "cve-2026-9675", "sightings": [{"uuid": "6fdc88e3-5316-4ff2-8a24-dcf7c1fc9932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9675", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3moipzi2kmc2g", "content": "\ud83d\udea8 High-severity security fix in undici@8.5.0 just released!\n\nPatches CVE-2026-9675. undici WebSocket client vulnerable to denial of service via cumulative fragment bypass.\n\ngithub.com/nodejs/undic...", "creation_timestamp": "2026-06-17T16:24:39.456649Z"}, {"uuid": "0217ece1-88a2-4835-87c6-f521aab51a10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiyr2plnu2x", "content": "CVE-2026-9675 - undici WebSocket client vulnerable to denial of service via cumulative fragment bypass\nCVE ID : CVE-2026-9675\n \n Published : June 17, 2026, 4:20 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Impact:\nThe undici WebSocket client enforces maxPayloadSize per-frame...", "creation_timestamp": "2026-06-17T19:00:58.755568Z"}, {"uuid": "8604ec34-05f0-4ac7-9ace-62f9d070a0bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9675", "type": "seen", "source": "https://bsky.app/profile/nodeland.dev/post/3mol72mwbn425", "content": "\ud83d\udfe0 High: WebSocket DoS, cumulative fragments (CVE-2026-9675).\nPer-frame size was checked, but not the cumulative size across a fragmented message. An 8.x-only regression (introduced in 8.1.0). Fixed in 8.5.0.", "creation_timestamp": "2026-06-18T15:59:02.303074Z"}]}