CVE-2026-10650: Resource Consumption in warmcat libwebsockets
A resource consumption vulnerability exists in warmcat libwebsockets versions up to 4. 5. 8 in the SSH Protocol Handler component. The flaw is in the function lws_ssh_parse_plaintext, where manipulation of the msg_len argument can cause excessive resource use. This issue can be exploited remotely without authentication. A patch identified by commit 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498 has been released to address the vulnerability. The CVSS 4. 0 score is 6. 9, indicating a medium severity level.
AI Analysis
Technical Summary
CVE-2026-10650 is a medium severity vulnerability in warmcat libwebsockets (up to version 4.5.8) affecting the SSH Protocol Handler's lws_ssh_parse_plaintext function. By manipulating the msg_len parameter, an attacker can cause resource consumption, potentially leading to denial of service. The vulnerability is remotely exploitable without requiring privileges or user interaction. A patch commit (3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498) has been published to fix this issue. No vendor advisory or official remediation level is provided in the data, but the presence of a patch commit indicates a fix is available.
Potential Impact
The vulnerability allows remote attackers to cause resource consumption on affected systems running libwebsockets versions up to 4.5.8. This could degrade service availability or lead to denial of service conditions. No evidence of privilege escalation, data disclosure, or code execution is indicated. Exploitation requires no privileges or user interaction.
Mitigation Recommendations
Apply the patch identified by commit 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498 to remediate this vulnerability. Since no official vendor advisory is provided, verify patch availability and applicability from the warmcat libwebsockets project repository or official sources. Patch status is not yet confirmed by a vendor advisory; check the vendor's resources for current remediation guidance.
CVE-2026-10650: Resource Consumption in warmcat libwebsockets
Description
A resource consumption vulnerability exists in warmcat libwebsockets versions up to 4. 5. 8 in the SSH Protocol Handler component. The flaw is in the function lws_ssh_parse_plaintext, where manipulation of the msg_len argument can cause excessive resource use. This issue can be exploited remotely without authentication. A patch identified by commit 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498 has been released to address the vulnerability. The CVSS 4. 0 score is 6. 9, indicating a medium severity level.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-10650 is a medium severity vulnerability in warmcat libwebsockets (up to version 4.5.8) affecting the SSH Protocol Handler's lws_ssh_parse_plaintext function. By manipulating the msg_len parameter, an attacker can cause resource consumption, potentially leading to denial of service. The vulnerability is remotely exploitable without requiring privileges or user interaction. A patch commit (3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498) has been published to fix this issue. No vendor advisory or official remediation level is provided in the data, but the presence of a patch commit indicates a fix is available.
Potential Impact
The vulnerability allows remote attackers to cause resource consumption on affected systems running libwebsockets versions up to 4.5.8. This could degrade service availability or lead to denial of service conditions. No evidence of privilege escalation, data disclosure, or code execution is indicated. Exploitation requires no privileges or user interaction.
Mitigation Recommendations
Apply the patch identified by commit 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498 to remediate this vulnerability. Since no official vendor advisory is provided, verify patch availability and applicability from the warmcat libwebsockets project repository or official sources. Patch status is not yet confirmed by a vendor advisory; check the vendor's resources for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-02T15:19:20.070Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1f4fb5e29bf47b5009beb8
Added to database: 6/2/2026, 9:48:37 PM
Last enriched: 6/2/2026, 10:04:50 PM
Last updated: 6/2/2026, 11:08:42 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.