CVE-2026-35515
mediumCVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
Low
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Nest, a framework for building Node.js server-side applications. An attacker can exploit a vulnerability in the `SseStream._transform()` function by injecting newline characters into `message.type` and `message.id` fields. This allows the attacker to inject arbitrary Server-Sent Events (SSE), spoof event types, and corrupt the reconnection state, potentially leading to unexpected application behavior or denial of service.
CWE
CWE-93Affected Products
Red Hat Developer HubRed Hat OpenShift Container Platform 4