Ghostwire

CVE-2026-48779: ws: Memory exhaustion DoS from tiny fragments and data chunks

HIGH CVSS 7.5 Exploit Available

Published: June 15, 2026 | Last Modified: June 15, 2026

Description

ws: Memory exhaustion DoS from tiny fragments and data chunks

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p
github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7
github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53
github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94
github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8
github.com/advisories/GHSA-96hv-2xvq-fx4p
www.tenable.com/cve/CVE-2026-48779
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-48779