QwikSec

Security Database

CVE

CWE

Training

CVE-2026-44217

Published: May 12, 2026

Modified: May 14, 2026

PUBLISHED

Description

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.

Vendor	Product	Versions
rexxars	sse-channel	affected `< 4.0.1`

Weaknesses (CWE)

References

https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg

x_refsource_CONFIRM

https://github.com/rexxars/sse-channel/issues/42

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.