A vulnerability described as problematic has been identified in faye websocket-driver up to 0.7.4. This affects the function Accept of the file lib/websocket/driver/hybi.js of the component Permessage-Deflate Extension. The manipulation results in out-of-bounds write.

This vulnerability is identified as CVE-2026-54490. The attack can be executed remotely. There is not any exploit available.