CVE-2026-9697 | undici up to 7.27.x/8.4.x Setting servername certificate validation (GHSA-vmh5-mc38-953g)

A vulnerability was found in undici up to 7.27.x/8.4.x and classified as problematic. The impacted element is an unknown function of the component Setting Handler. Executing a manipulation of the argument servername can lead to improper certificate validation.

This vulnerability is tracked as CVE-2026-9697. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More