Deno: Denial of service via non-ASCII bytes in WebSocket response headers — CVE-2026-55517

Summary

## Summary A Deno program that opens a client `WebSocket` connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the `Sec-WebSocket-Protocol` and `Sec-WebSocket-Extensions` response headers in a way that assumed their bytes were always printable ASCII. A response header containing non-visible-ASCII bytes (`0x80`-`0xFF`) caused a panic that aborted the entire…

Product

rust: deno

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

• Read the official source
• CVE Record
• NVD

Related advisories