ByteOS Network

NVD Vulnerability Details :

CVE-2026-44217

Deferred

Source-security-advisories@github.com

Published At-12 May, 2026 | 20:16

Updated At-13 May, 2026 | 18:21

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.6	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-93	Primary	security-advisories@github.com

CWE ID: CWE-93

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/rexxars/sse-channel/issues/42	security-advisories@github.com	N/A
https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg	security-advisories@github.com	N/A

Hyperlink: https://github.com/rexxars/sse-channel/issues/42

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History