Known Vulnerabilities for Socket.io by Socket
Listed below are 2 of the newest known vulnerabilities associated with "Socket.io" by "Socket".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32980 | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-t... | Not Provided | 2026-03-29 | 2026-03-30 |
| CVE-2026-28727 | Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protec... | Not Provided | 2026-03-06 | 2026-04-02 |
| CVE-2026-23372 | In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In ... | Not Provided | 2026-03-25 | 2026-04-02 |
| CVE-2026-23273 | In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_n... | Not Provided | 2026-03-20 | 2026-04-02 |
| CVE-2026-21711 | A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required... | Not Provided | 2026-03-30 | 2026-04-01 |
| CVE-2026-1679 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversize... | Not Provided | 2026-03-28 | 2026-04-01 |
| CVE-2025-43359 | A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadO... | Not Provided | 2025-09-15 | 2026-04-02 |
| CVE-2025-39946 | In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus ... | Not Provided | 2025-10-04 | 2026-04-02 |
| CVE-2025-14213 | Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker ... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2020-28481 | The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelis... | 4.3 - MEDIUM | 2021-01-19 | 2021-01-28 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Socket | Socket.io | 2.4.0 | All | All | All |
| Application | Socket | Socket.io | 2.2.0 | All | All | All |
| Application | Socket | Socket.io | 2.1.1 | All | All | All |
| Application | Socket | Socket.io | 2.1.0 | All | All | All |
| Application | Socket | Socket.io | 2.0.4 | All | All | All |
| Application | Socket | Socket.io | 2.0.3 | All | All | All |
| Application | Socket | Socket.io | 2.0.2 | All | All | All |
| Application | Socket | Socket.io | 2.0.1 | All | All | All |
| Application | Socket | Socket.io | 2.0.0 | All | All | All |
| Application | Socket | Socket.io | 1.7.4 | All | All | All |
| Application | Socket | Socket.io | 1.7.3 | All | All | All |
| Application | Socket | Socket.io | 1.7.2 | All | All | All |
| Application | Socket | Socket.io | 1.7.1 | All | All | All |
| Application | Socket | Socket.io | 1.7.0 | All | All | All |
| Application | Socket | Socket.io | 1.6.0 | All | All | All |
| Application | Socket | Socket.io | 1.5.1 | All | All | All |
| Application | Socket | Socket.io | 1.5.0 | All | All | All |
| Application | Socket | Socket.io | 1.4.8 | All | All | All |
| Application | Socket | Socket.io | 1.4.7 | All | All | All |
| Application | Socket | Socket.io | 1.4.6 | All | All | All |