CVE-2026-59725: CWE-404: Improper Resource Shutdown or Release in socketio socket.io
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7.
AI Analysis
Technical Summary
CVE-2026-59725 is an improper resource shutdown vulnerability (CWE-404) in socket.io's Engine.IO protocol v4 polling transport. Versions from 4.1.0 before 6.6.7 fail to properly close HTTP responses for invalid binary POST requests with Content-Type: application/octet-stream. This flaw enables unauthenticated attackers to exhaust server-side connections and sockets, potentially causing denial of service. The issue is fixed in socket.io version 6.6.7.
Potential Impact
The vulnerability allows an unauthenticated attacker to exhaust server-side connections and sockets by sending malformed binary POST requests, leading to denial of service. There is no impact on confidentiality or integrity, but availability is severely affected.
Mitigation Recommendations
A fix is available in socket.io version 6.6.7. Users should upgrade to version 6.6.7 or later to remediate this vulnerability. No other mitigation or temporary workaround is indicated.
CVE-2026-59725: CWE-404: Improper Resource Shutdown or Release in socketio socket.io
Description
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7.
CVSS v3.1
Score 7.5high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-59725 is an improper resource shutdown vulnerability (CWE-404) in socket.io's Engine.IO protocol v4 polling transport. Versions from 4.1.0 before 6.6.7 fail to properly close HTTP responses for invalid binary POST requests with Content-Type: application/octet-stream. This flaw enables unauthenticated attackers to exhaust server-side connections and sockets, potentially causing denial of service. The issue is fixed in socket.io version 6.6.7.
Potential Impact
The vulnerability allows an unauthenticated attacker to exhaust server-side connections and sockets by sending malformed binary POST requests, leading to denial of service. There is no impact on confidentiality or integrity, but availability is severely affected.
Mitigation Recommendations
A fix is available in socket.io version 6.6.7. Users should upgrade to version 6.6.7 or later to remediate this vulnerability. No other mitigation or temporary workaround is indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-07-06T15:34:16.916Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4e73c2c9d9e3dbe36042aa
Added to database: 07/08/2026, 15:58:58 UTC
Last enriched: 07/08/2026, 16:13:38 UTC
Last updated: 07/09/2026, 01:39:19 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.