Update dependency undici to v8.5.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Diffend
undici (source)	8.4.1 → 8.5.0					Diff

---

undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

CVE-2026-9675 / GHSA-38rv-x7px-6hhq

More information

Details

Impact

The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.

Affected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.

This is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected.

Patches

Upgrade to undici >= 8.5.0.

Workarounds

No workaround is available. The fix must be applied through an upgrade.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq
• https://nvd.nist.gov/vuln/detail/CVE-2026-9675
• https://cna.openjsf.org/security-advisories.html
• https://github.com/advisories/GHSA-38rv-x7px-6hhq

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

CVE-2026-9678 / GHSA-pr7r-676h-xcf6

More information

Details

Impact

Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding whitespace, so later comparisons against the literal authorization field name fail and the response is stored.

In shared-cache mode, this allows a response containing one user's authenticated data to be served from cache to a subsequent caller, including an unauthenticated caller, when both requests resolve to the same cache key.

Affected applications are those that explicitly enable the cache interceptor (interceptors.cache()) in shared mode, forward Authorization headers upstream, and receive cacheable responses with non-canonical qualified private or no-cache directives.

Patches

Upgrade to undici v7.28.0 or v8.5.0.

Workarounds

If upgrade is not immediately possible, disable shared-cache mode for traffic that includes Authorization headers, avoid caching responses to authenticated requests, or add Vary: Authorization upstream.

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6
• https://nvd.nist.gov/vuln/detail/CVE-2026-9678
• https://cna.openjsf.org/security-advisories.html
• https://github.com/advisories/GHSA-pr7r-676h-xcf6

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

CVE-2026-9697 / GHSA-vmh5-mc38-953g

More information

Details

Impact

undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.

Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.

Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.

Patches

Upgrade to undici v7.28.0 or v8.5.0.

Workarounds

No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.

Severity

• CVSS Score: 7.4 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

• https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g
• https://nvd.nist.gov/vuln/detail/CVE-2026-9697
• https://cna.openjsf.org/security-advisories.html
• https://github.com/advisories/GHSA-vmh5-mc38-953g

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

nodejs/undici (undici)

v8.5.0

Compare Source

⚠️ Security Release

This release line addresses 8 security advisories. Most are fixed in
v8.5.0; the SOCKS5 pool-reuse issue was fixed earlier in v8.2.0.

Action required: Upgrade to undici 8.5.0 or later.

npm install undici@^8.5.0

Summary

Advisory	CVE	Severity (CVSS)	Fixed in	Fix commit
GHSA-vxpw-j846-p89q	CVE-2026-12151	High (7.5)	8.5.0	32dbf0b3
GHSA-38rv-x7px-6hhq	CVE-2026-9675	High (7.5)	8.5.0	b4c287b3
GHSA-vmh5-mc38-953g	CVE-2026-9697	High (7.4)	8.5.0	42d49559
GHSA-hm92-r4w5-c3mj	CVE-2026-6734	High (7.5)	8.2.0	a516f870
GHSA-pr7r-676h-xcf6	CVE-2026-9678	Moderate (5.9)	8.5.0	cb105d7c
GHSA-p88m-4jfj-68fv	CVE-2026-9679	Moderate (5.9)	8.5.0	5655ea43
GHSA-g8m3-5g58-fq7m	CVE-2026-11525	Low (3.7)	8.5.0	5655ea43
GHSA-35p6-xmwp-9g52	CVE-2026-6733	Low (3.7)	8.5.0	6ea54ef8

---

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770
Fix: 32dbf0b3 websocket: limit the number of fragments in a message (also c5ed7875 handle empty fragments and stream limits)

A malicious WebSocket server can stream a large number of small or empty
continuation frames. Undici enforced a limit on cumulative payload size but did
not limit the number of fragments per message, leading to unbounded memory
growth and denial of service.

• Affected: applications using new WebSocket(...) or WebSocketStream
  against untrusted endpoints.
• Workaround: none — upgrade is required.

WebSocket DoS via cumulative fragment bypass — CVE-2026-9675

GHSA-38rv-x7px-6hhq · CWE-400, CWE-770
Fix: b4c287b3 fix(websocket): enforce max payload size across fragments

Undici validated the size of individual frames but did not track cumulative size
across a fragmented message. An attacker could send many small fragments that
each pass per-frame validation but collectively exceed the configured limit,
causing memory exhaustion. This is a regression introduced in 8.1.0 (the
6.x and 7.x lines are not affected).

• Workaround: none — upgrade is required.

TLS certificate validation bypass in SOCKS5 ProxyAgent — CVE-2026-9697

GHSA-vmh5-mc38-953g · CWE-295
Fix: 42d49559 fix: honor requestTls when proxy is SOCKS5

The ProxyAgent silently discarded the requestTls option when configured with
a SOCKS5 proxy. TLS connections through the SOCKS5 tunnel ignored user-configured
parameters such as ca, cert, key, rejectUnauthorized, and servername,
falling back to the default Mozilla CA bundle. Applications relying on
certificate pinning to an internal CA were exposed to man-in-the-middle attacks.

• Affected: ProxyAgent / Socks5ProxyAgent over SOCKS5 that rely on
  requestTls.
• Workaround: route traffic through an HTTP-proxy ProxyAgent, where
  requestTls functions correctly.

Cross-origin request routing via SOCKS5 proxy pool reuse — CVE-2026-6734

GHSA-hm92-r4w5-c3mj · CWE-346 · Fixed in 8.2.0
Fix: a516f870 fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing (#​5041)

Socks5ProxyAgent reused a single connection pool across different origins
without verifying the pool's origin matched the requested origin. This could
route credentials and request data to unintended destinations, cause responses
from the wrong origin to be trusted, and enable HTTPS→HTTP downgrade.

• Affected: applications using Socks5ProxyAgent across multiple origins
  (introduced via #​4385).
• Workaround: use a separate agent instance per origin.

---

Moderate severity

Cross-user information disclosure via shared cache whitespace bypass — CVE-2026-9678

GHSA-pr7r-676h-xcf6 · CWE-524
Fix: cb105d7c fix(cache): trim qualified field names

The cache interceptor mishandled responses with whitespace-padded
Cache-Control directives such as private=" authorization". In shared-cache
mode this could cause authenticated data to be cached and served to other users.

• Affected: apps using the cache interceptor in shared mode that forward
  Authorization upstream and receive non-canonical qualified directives.
• Workaround: disable shared-cache mode for authenticated traffic, avoid
  caching authenticated responses, or add Vary: Authorization upstream.

HTTP header injection via Set-Cookie percent-decoding — CVE-2026-9679

GHSA-p88m-4jfj-68fv · CWE-93
Fix: 5655ea43 fix(cookies): preserve values and parse SameSite strictly

parseSetCookie applied percent-decoding to cookie values, turning encoded
sequences like %0D%0A and %00 into literal bytes, contrary to RFC 6265 §5.4
and browser behavior. Applications forwarding parsed Set-Cookie values into
response headers were exposed to header injection, enabling session fixation,
open redirects, and cache poisoning. Introduced in 7.0.0 via
#​3789.

• Workaround: sanitize values before forwarding — strip or reject CR, LF,
  NUL, ;, and =.

---

Low severity

Set-Cookie SameSite attribute downgrade — CVE-2026-11525

GHSA-g8m3-5g58-fq7m · CWE-183
Fix: 5655ea43 fix(cookies): preserve values and parse SameSite strictly

The cookie parser accepted SameSite values containing Strict, Lax, or
None as substrings rather than requiring exact matches per RFC 6265. Values
like SameSite=NoneOfYourBusiness parsed as None, and SameSite=StrictLax
parsed as Lax, silently weakening cookie security policies for apps that
forward parsed attributes.

HTTP response queue poisoning via keep-alive socket reuse — CVE-2026-6733

GHSA-35p6-xmwp-9g52 · CWE-367 (TOCTOU race condition)
Fix: 6ea54ef8 fix: guard idle socket validation to skip fresh sockets, hardened by c9fbe9d2 keep idle validation on native timers (#​5397) and ac5394b8 keep idle validation on global timers (#​5407)

An attacker controlling an upstream HTTP/1.1 server could inject unsolicited
responses onto idle keep-alive sockets. On socket reuse, the injected response
was associated with a new request, delivering responses to the wrong requests.

• Requirements: attacker-controlled/compromised upstream and active
  keep-alive reuse.
• Workaround: disable keep-alive reuse with keepAliveTimeout: 0 on the
  Client or Pool.

---

Also in v8.5.0 (non-security)

v8.5.0 shipped the security fixes above alongside the following changes. These
are not security fixes — they are listed for completeness of the release. (The
two queue-poisoning hardening PRs, #​5397
and #​5407, are covered under
CVE-2026-6733 above and are not repeated here.)

• HTTP/2: #5408 don't rewind kPendingIdx past in-flight requests · #5391 allow h2 POST request multiplexing · #5406 reap idle HTTP/2 sessions · #5410 preserve h2 queue on out-of-order completion
• Features: #5416 add bodyMixin.textStream() · #5418 align EventSource with spec
• Docs / CI / tests: #5413 document request header validation · #5383 absorb h2 stream timeout resets (test) · #5420 remove stale repro + lint · #5426 extend Windows CI timeout · #5427 detect available python in WPT runner

Full changelog: v8.4.1...v8.5.0.

---

Credits

Per-advisory credits (as recorded in each GHSA):

• CVE-2026-12151 — reported by @​lpinca & @​Nadav0077; reviewed by @​UlisesGascon.
• CVE-2026-9675 — reported by @​mauriceng98 & @​Str1ckl4nd; fixed by @​mcollina & @​KhafraDev; reviewed by @​UlisesGascon.
• CVE-2026-9697 — reported by @​tonghuaroot; reviewed by @​UlisesGascon.
• CVE-2026-6734 — reported by @​ChALkeR; reviewed by @​mcollina; verified by @​UlisesGascon.
• CVE-2026-9678 — fixed by @​mcollina; reviewed by @​UlisesGascon.
• CVE-2026-9679 — reported by @​tndud042713; fixed by @​mcollina; reviewed by @​KhafraDev & @​UlisesGascon.
• CVE-2026-11525 — fixed by @​mcollina; reviewed by @​UlisesGascon.
• CVE-2026-6733 — fixed by @​mcollina; verified by @​UlisesGascon.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.