NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-44217

Summary	sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.
Publication Date	May 13, 2026, 5:16 a.m.
Registration Date	May 15, 2026, 4:18 a.m.
Last Update	May 14, 2026, 3:21 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/rexxars/sse-channel/issues/42	security-advisories@github.com
2	https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-93	CRLF インジェクション	https://cwe.mitre.org/data/definitions/93.html