fix: resolve CVE-2026-9697 in undici #587

Merged
benoitf merged 1 commit into redhat-developer:main from benoitf:cve-fix/cve-2026-9697-main
Jun 19, 2026
Conversation

benoitf (Collaborator) commented Jun 18, 2026

What does this PR do?

Fix high severity vulnerability CVE-2026-9697 in undici.

Advisory: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Vulnerable versions: >=7.23.0 <7.28.0
Patched versions: >=7.28.0
Advisory URL: GHSA-vmh5-mc38-953g

Screenshot / video of UI

N/A - dependency update only.

What issues does this PR fix or reference?

Fixes CVE-2026-9697: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

How to test this PR?

Run pnpm audit and verify CVE-2026-9697 is no longer reported

Upgrade undici to satisfy >=7.28.0
Advisory: GHSA-vmh5-mc38-953g

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf enabled auto-merge (rebase) June 18, 2026 16:55
benoitf disabled auto-merge June 19, 2026 07:13
benoitf merged commit 4724a30 into redhat-developer:main Jun 19, 2026
4 of 5 checks passed
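
An added example (not part of this PR or the project's code): a lockfile check that complements the `pnpm audit` step in the description by listing every undici version resolved in `pnpm-lock.yaml` and flagging any inside the range the description quotes, >=7.23.0 <7.28.0. The lockfile excerpt is constructed, and the function names are hypothetical.

```javascript
// Vulnerable range quoted in the PR description: >=7.23.0 <7.28.0
const VULN_MIN = [7, 23, 0];
const FIXED = [7, 28, 0];

// Constructed pnpm-lock.yaml excerpt (not taken from the repository).
const SAMPLE_LOCK = `
lockfileVersion: '9.0'
packages:
  undici-types@7.16.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  undici@6.21.3:
    resolution: {integrity: sha512-CONSTRUCTED}
  undici@7.25.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  undici@7.28.0:
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  undici@7.25.0: {}
  undici@7.28.0: {}
`;

// Compare two [major, minor, patch] triples: <0, 0 or >0.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// A pre-release of the fixed version sorts before it in semver, so it is
// treated conservatively as still inside the range.
function isVulnerable(v, suffix = '') {
  if (cmp(v, FIXED) === 0 && suffix.startsWith('-')) return true;
  return cmp(v, VULN_MIN) >= 0 && cmp(v, FIXED) < 0;
}

// Return every distinct undici version resolved in the lockfile text.
// Matches "undici@x.y.z:", "/undici@x.y.z:" and "/undici/x.y.z:" keys only,
// so neighbours such as undici-types are not counted.
function findUndici(lockText) {
  const re = /^\s*['"]?\/?undici[@\/](\d+)\.(\d+)\.(\d+)([^\s:'"]*)['"]?:/gm;
  const seen = new Map();
  for (const m of lockText.matchAll(re)) {
    const v = [Number(m[1]), Number(m[2]), Number(m[3])];
    seen.set(v.join('.') + m[4], { v, vulnerable: isVulnerable(v, m[4]) });
  }
  return [...seen.entries()]
    .sort((a, b) => cmp(a[1].v, b[1].v))
    .map(([version, e]) => ({ version, vulnerable: e.vulnerable }));
}

console.log(findUndici(SAMPLE_LOCK));
```

A lockfile can carry more than one undici version when transitive dependencies pin their own copy, so a bump of the direct dependency alone does not guarantee every resolved copy is outside the range.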