Update dependency undici to v6.24.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
undici (source)	6.21.2 → 6.24.0

GitHub Vulnerability Alerts

CVE-2026-22036

Impact

The fetch() API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.

However, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation.

Patches

Upgrade to 7.18.2 or 6.23.0.

Workarounds

It is possible to apply an undici interceptor and filter long Content-Encoding sequences manually.

References

• https://hackerone.com/reports/3456148
• GHSA-gm62-xv2j-4w53
• https://curl.se/docs/CVE-2022-32206.html

CVE-2026-1528

Impact

A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

There are no workarounds.

CVE-2026-1525

Impact

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire.

Who is impacted:

• Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays
• Applications that accept user-controlled header names without case-normalization

Potential consequences:

• Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request)
• HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

If upgrading is not immediately possible:

1. Validate header names: Ensure no duplicate Content-Length headers (case-insensitive) are present before passing headers to undici
2. Use object format: Pass headers as a plain object ({ 'content-length': '123' }) rather than an array, which naturally deduplicates by key
3. Sanitize user input: If headers originate from user input, normalize header names to lowercase and reject duplicates

CVE-2026-2229

Impact

The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.

The vulnerability exists because:

1. The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15
2. The createInflateRaw() call is not wrapped in a try-catch block
3. The resulting exception propagates up through the call stack and crashes the Node.js process

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

CVE-2026-1526

Description

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a "decompression bomb") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.

The vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.

Impact

• Remote denial of service against any Node.js application using undici's WebSocket client
• A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more
• Memory exhaustion occurs in native/external memory, bypassing V8 heap limits
• No application-level mitigation is possible as decompression occurs before message delivery

Patches

Users should upgrade to fixed versions.

Workarounds

No workaround are possible.

CVE-2026-1527

Impact

When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to:

1. Inject arbitrary HTTP headers
2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)

The vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:

// lib/dispatcher/client-h1.js:1121
if (upgrade) {
  header += `connection: upgrade\r\nupgrade: ${upgrade}\r\n`
}

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

Sanitize the upgrade option string before passing to undici:

function sanitizeUpgrade(value) {
  if (/[\r\n]/.test(value)) {
    throw new Error('Invalid upgrade value')
  }
  return value
}

client.request({
  upgrade: sanitizeUpgrade(userInput)
})

---

Release Notes

nodejs/undici (undici)

v6.24.0

Compare Source

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

• GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
  Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

• GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
  Malicious WebSocket 64-bit frame length handling could crash the client.

• GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
  CRLF injection via the upgrade option.

• GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
  Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

• GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
  Unbounded memory consumption in WebSocket permessage-deflate decompression.

Not applicable to v6

• GHSA-phc3-fgpg-7m6h / CVE-2026-2581 affects >= 7.17.0 < 7.24.0 only.

Affected and patched ranges (v6)

• CVE-2026-1525: affected < 6.24.0, patched 6.24.0
• CVE-2026-1528: affected >= 6.0.0 < 6.24.0, patched 6.24.0
• CVE-2026-1527: affected < 6.24.0, patched 6.24.0
• CVE-2026-2229: affected < 6.24.0, patched 6.24.0
• CVE-2026-1526: affected < 6.24.0, patched 6.24.0

References

• GitHub Security Advisories: https://github.com/nodejs/undici/security/advisories
• NVD CVE-2026-1525: https://nvd.nist.gov/vuln/detail/CVE-2026-1525
• NVD CVE-2026-1528: https://nvd.nist.gov/vuln/detail/CVE-2026-1528
• NVD CVE-2026-1527: https://nvd.nist.gov/vuln/detail/CVE-2026-1527
• NVD CVE-2026-2229: https://nvd.nist.gov/vuln/detail/CVE-2026-2229
• NVD CVE-2026-1526: https://nvd.nist.gov/vuln/detail/CVE-2026-1526

v6.23.0

Compare Source

Full Changelog: nodejs/undici@v6.22.0...v6.23.0

v6.22.0

Compare Source

What's Changed

• fix: fix wrong stream canceled up after cloning (v6) by @​snyamathi in #​4414
• [Backport v6.x] fix: fix EnvHttpProxyAgent for the Node.js bundle by @​github-actions[bot] in #​4432
• feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#​4180) by @​metcoder95 in #​4433
• feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#​4180) (#​4340) by @​metcoder95 in #​4445
• Backport 4472 to v6.x by @​Uzlopak in #​4480

Full Changelog: nodejs/undici@v6.21.3...v6.22.0

v6.21.3

Compare Source

What's Changed

• [Backport v6.x] append crlf to formdata body by @​github-actions in #​4210

Full Changelog: nodejs/undici@v6.21.2...v6.21.3

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@​6.21.2 ⏵ 6.24.1	+1	+31	+1	+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Potential code anomaly (AI signal): npm chownr is 100.0% likely to have a medium risk anomaly Notes: The code represents a standard, well-scoped recursive ownership utility with deliberate cross-version compatibility. No evidence of malicious activity, data leakage, or external communications. The main risk is the potential for broad permission changes if invoked with untrusted uid/gid values; usage should be restricted to trusted contexts. Confidence: 1.00 Severity: 0.60 From: ? → npm/chownr@2.0.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/chownr@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm delayed-stream is 100.0% likely to have a medium risk anomaly Notes: The DelayedStream module intercepts and buffers events from a source stream. While the core functionality appears to be for stream delay and management, two aspects raise concern: the overriding of the source's emit method and the attachment of a silent error handler (source.on('error', function() {})). The silent error handler is particularly suspicious as it can mask underlying problems or potential malicious activity originating from the source stream. Without further context on why errors are being suppressed, this behavior warrants caution. The code itself does not exhibit direct malware patterns like network exfiltration or reverse shells, but the error suppression could be a component of a larger, more covert operation. Confidence: 1.00 Severity: 0.60 From: ? → npm/@openzeppelin/defender-sdk-deploy-client@2.1.0 → npm/@openzeppelin/defender-sdk-network-client@2.1.0 → npm/delayed-stream@1.0.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/delayed-stream@1.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Low CVE: Elliptic allows BER-encoded signatures CVE: GHSA-49q7-c7j4-3p7m Elliptic allows BER-encoded signatures (LOW) Affected versions: >= 5.2.1 < 6.5.7 Patched version: 6.5.7 From: ? → npm/elliptic@6.5.4 ℹ Read more on: This package | This alert | What is a mild CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known low severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/elliptic@6.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Low CVE: Elliptic's ECDSA missing check for whether leading bit of r and s is zero CVE: GHSA-977x-g7h5-7qgw Elliptic's ECDSA missing check for whether leading bit of r and s is zero (LOW) Affected versions: >= 2.0.0 < 6.5.7 Patched version: 6.5.7 From: ? → npm/elliptic@6.5.4 ℹ Read more on: This package | This alert | What is a mild CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known low severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/elliptic@6.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Low CVE: Elliptic's EDDSA missing signature length check CVE: GHSA-f7q4-pwc6-w24p Elliptic's EDDSA missing signature length check (LOW) Affected versions: >= 4.0.0 < 6.5.7 Patched version: 6.5.7 From: ? → npm/elliptic@6.5.4 ℹ Read more on: This package | This alert | What is a mild CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known low severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/elliptic@6.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Low CVE: Elliptic's verify function omits uniqueness validation CVE: GHSA-434g-2637-qmqr Elliptic's verify function omits uniqueness validation (LOW) Affected versions: < 6.5.6 Patched version: 6.5.6 From: ? → npm/elliptic@6.5.4 ℹ Read more on: This package | This alert | What is a mild CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known low severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/elliptic@6.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm undici is 100.0% likely to have a medium risk anomaly Notes: The code is a focused error-handling helper for HTTP responses that safely parses small payloads to include in an error object. It includes protective measures (chunk limits, controlled parsing, microtask-based callbacks) but uses unusual, brittle content-type checks and suppresses stack traces for debugging concealment. There is no evidence of malicious activity, data exfiltration, or backdoors within this fragment. The main risk is potential silent data loss if payloads exceed the chunk limit or mismatched content-type handling leads to missing payloads, but this is a functional trade-off rather than malicious. Suggested improvements include robust content-type parsing, clearer error signaling when payload is truncated, and optional logging to aid debugging without exposing stack traces in production. Confidence: 1.00 Severity: 0.60 From: packages/plugin-hardhat/package.json → npm/undici@6.24.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/undici@6.24.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm undici is 100.0% likely to have a medium risk anomaly Notes: The script performs an in-place, lossy re-encoding of a local file from UTF-8 to Latin-1 and rewrites it without backups or validation. This is unsafe due to potential data loss and code corruption, and could be exploited to tamper with source files in a supply chain. It does not exhibit active malware behavior, but its destructive nature warrants removal or strict safeguards (backups, explicit intent, error handling). Confidence: 1.00 Severity: 0.60 From: packages/plugin-hardhat/package.json → npm/undici@6.24.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/undici@6.24.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm undici is 100.0% likely to have a medium risk anomaly Notes: The analyzed code implements a conventional HTTP/WebSocket-like upgrade handler with proper input validation, abort signal integration, and asynchronous callback management. It does not exhibit malicious activity such as data exfiltration or backdoors. The deliberate onHeaders error path is consistent with protocol expectations to reject non-upgrade responses. Overall security risk remains low to moderate, contingent on integration context, but no indicators of malware or obfuscation are detected in this fragment. Confidence: 1.00 Severity: 0.60 From: packages/plugin-hardhat/package.json → npm/undici@6.24.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/undici@6.24.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report