• Tenable
  • CVEs
  • Settings
    Links
    Tenable Cloud Tenable Community & Support Tenable University
    Severity
    Theme
  • Tenable
  • Plugins
  • Overview
  • Plugins Pipeline
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • Tenable OT Security Families
  • Tenable Cloud Security Families
  • Tenable Self-Hosted Container Security Families
  • About Plugin Families
  • Release Notes
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • Release Notes
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
    • Links
    • Tenable Cloud
    • Tenable Community & Support
    • Tenable University
    • Settings
    • Severity
    • Theme
Detections
  • Plugins
  • Overview
  • Plugins Pipeline
  • Release Notes
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • Tenable OT Security Families
  • Tenable Cloud Security Families
  • Tenable Self-Hosted Container Security Families
  • About Plugin Families
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • Release Notes
Analytics
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
  1. CVEs
  2. CVE-2026-45736
  1. CVEs

CVE-2026-45736

high
  • Information
  • CPEs
  • Plugins

Description

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45736.json

https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx

https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086

https://bugzilla.redhat.com/show_bug.cgi?id=2477914

https://access.redhat.com/security/cve/CVE-2026-45736

https://access.redhat.com/errata/RHSA-2026:7655

https://access.redhat.com/errata/RHSA-2026:37272

https://access.redhat.com/errata/RHSA-2026:36820

https://access.redhat.com/errata/RHSA-2026:36754

https://access.redhat.com/errata/RHSA-2026:34374

https://access.redhat.com/errata/RHSA-2026:33574

https://access.redhat.com/errata/RHSA-2026:29197

https://access.redhat.com/errata/RHSA-2026:27171

https://access.redhat.com/errata/RHSA-2026:26994

https://access.redhat.com/errata/RHSA-2026:26638

Details

Source: Mitre, NVD

Published: 2026-05-15

Updated: 2026-07-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00009

  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2026 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance