
undici CVE Vulnerabilities

All known CVEs affecting undici. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities
| CVE | Summary | Severity |
| --- | --- | --- |
| CVE-2026-12151 | undici WebSocket client vulnerable to denial of service via fragment count… | High |
| CVE-2026-9679 | undici vulnerable to HTTP header injection via Set-Cookie percent-decoding | Medium |
| CVE-2026-6734 | undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse | High |
| CVE-2026-9697 | undici vulnerable to TLS certificate validation bypass via dropped requestTls… | High |
| CVE-2026-9678 | undici vulnerable to cross-user information disclosure via shared cache… | Medium |
| CVE-2026-9675 | undici WebSocket client vulnerable to denial of service via cumulative fragment… | High |
| CVE-2026-1526 | Undici has Unbounded Memory Consumption in WebSocket permessage-deflate… | High |
| CVE-2026-2229 | Undici has Unhandled Exception in WebSocket Client Due to Invalid… | High |
| CVE-2026-1527 | Undici has CRLF Injection in undici via `upgrade` option | Medium |
| CVE-2026-2581 | Undici has Unbounded Memory Consumption in its DeduplicationHandler via… | Medium |
| CVE-2026-1528 | Undici: Malicious WebSocket 64-bit length overflows parser and crashes the… | High |
| CVE-2026-1525 | Undici has an HTTP Request/Response Smuggling issue | Medium |
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch… | Medium |
| CVE-2025-22150 | Use of Insufficiently Random Values in undici | Medium |
| CVE-2024-24750 | fetch(url) leads to a memory leak in undici | Medium |
| CVE-2023-23936 | CRLF Injection in Nodejs ‘undici’ via host | Medium |
| CVE-2023-24807 | Regular Expression Denial of Service in Headers | High |
| CVE-2022-35948 | Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | Medium |
| CVE-2022-35949 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | Medium |
| CVE-2022-31150 | undici before v5.8.0 vulnerable to CRLF injection in request headers | Medium |
| CVE-2022-32210 | ProxyAgent vulnerable to MITM | High |

Prioritize undici vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.
