ByteOS Network

CVE Vulnerability Details :

CVE-2026-46430

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-26 May, 2026 | 16:41

Updated At-26 May, 2026 | 16:41

▼CVE Numbering Authority (CNA)

Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553". This vulnerability is fixed in 1.17.7.

Affected Products

Vendor

xyproto

Product

algernon

Versions

Affected

< 1.17.7

Problem Types

Type	CWE ID	Description
CWE	CWE-668	CWE-668: Exposure of Resource to Wrong Sphere
CWE	CWE-1188	CWE-1188: Insecure Default Initialization of Resource

Type: CWE

CWE ID: CWE-668

Description: CWE-668: Exposure of Resource to Wrong Sphere

Type: CWE

CWE ID: CWE-1188

Description: CWE-1188: Insecure Default Initialization of Resource

Metrics

Version	Base score	Base severity	Vector
3.1	4.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Hyperlink	Resource
https://github.com/xyproto/algernon/security/advisories/GHSA-gj84-924c-48fx	x_refsource_CONFIRM

Hyperlink: https://github.com/xyproto/algernon/security/advisories/GHSA-gj84-924c-48fx

Resource:

x_refsource_CONFIRM

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References