🚨 High-severity security fix in undici (6.26.0, 7.28.0, 8.5.0) just released!
Patches CVE-2026-12151. undici WebSocket client vulnerable to denial of service via fragment count bypass.
github.com/nodejs/undic...
github.com
## Impact
The undici WebSocket client enforces `maxPayloadSize` on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSoc...
