{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T03:53:11.238","vulnerabilities":[{"cve":{"id":"CVE-2026-1527","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-03-12T21:16:25.137","lastModified":"2026-03-20T15:49:31.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\\r\\n) to:\n\n  *  Inject arbitrary HTTP headers\n  *  Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\nThe vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:\n\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n  header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}"},{"lang":"es","value":"ImpactoCuando una aplicación pasa entrada controlada por el usuario a la opción upgrade de client.request(), un atacante puede inyectar secuencias CRLF (\\r\\n) para:\n\n  *  Inyectar encabezados HTTP arbitrarios\n  *  Terminar la solicitud HTTP prematuramente y contrabandear datos sin procesar a servicios no HTTP (Redis, Memcached, Elasticsearch)\nLa vulnerabilidad existe porque undici escribe el valor upgrade directamente al socket sin validar caracteres de encabezado no válidos:\n\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n  header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}"}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.24.0","matchCriteriaId":"C08CE582-019D-4A06-910A-6010C2D6EF4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.24.0","matchCriteriaId":"F016E7D9-C45A-4DEF-9AD8-F0581AF5E509"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://hackerone.com/reports/3487198","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Permissions Required"]}]}}]}