🚨 Low-severity security fix in undici (6.26.0, 7.28.0, 8.5.0) just released!
Patches CVE-2026-6733. undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse.
github.com/nodejs/undic...
## Impact
Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto...
