CVE-2026-44217

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/rexxars/sse-channel/issues/42

https://github.com/rexxars/sse-channel/security/advisories/…

https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg

CVE-2026-44217

Description

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter