CVE Disclosure

CVE-2026-44217

sse-channel (npm) · JavaScript

SSE injection — unsanitized fields

CVSS—

SeverityMedium

StatusPublished

Summary

CVE-2026-44217 is a medium-severity vulnerability affecting sse-channel (npm) (JavaScript): SSE injection — unsanitized fields.

References

NVD↗MITRE↗Vendor / Advisory↗PoC repo (if published)↗

Disclosure

Reported by Kai Aizen. Status: Published. Coordinated through standard NVD/MITRE/GHSA channels.

disclosure contextall 30 cves →

all disclosures

30 published CVEs

GHSA disclosures →

4 coordinated advisories

Pen Testing →

same methodology, your stack

Author

Kai Aizen

Independent offensive security researcher. 30 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.

about services github x linkedin researchgate