Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jz1p-pxvn-uqdv
Vulnerability ID VCID-jz1p-pxvn-uqdv
Aliases CVE-2022-41940
GHSA-r7qp-cfhv-p84w
Summary Uncaught exception in engine.io
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-248 Uncaught Exception
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41940.json
epss 0.01608 https://api.first.org/data/v1/epss?cve=CVE-2022-41940
epss 0.01608 https://api.first.org/data/v1/epss?cve=CVE-2022-41940
epss 0.01608 https://api.first.org/data/v1/epss?cve=CVE-2022-41940
epss 0.01608 https://api.first.org/data/v1/epss?cve=CVE-2022-41940
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r7qp-cfhv-p84w
cvssv3.1 6.5 https://github.com/socketio/engine.io
generic_textual MODERATE https://github.com/socketio/engine.io
cvssv3.1 6.5 https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
generic_textual MODERATE https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
cvssv3.1 6.5 https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
generic_textual MODERATE https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
cvssv3.1 6.5 https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
cvssv3.1_qr MODERATE https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
generic_textual MODERATE https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41940
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-41940
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41940.json
https://api.first.org/data/v1/epss?cve=CVE-2022-41940
https://github.com/socketio/engine.io
https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
2144970 https://bugzilla.redhat.com/show_bug.cgi?id=2144970
CVE-2022-41940 https://nvd.nist.gov/vuln/detail/CVE-2022-41940
GHSA-r7qp-cfhv-p84w https://github.com/advisories/GHSA-r7qp-cfhv-p84w
GHSA-r7qp-cfhv-p84w https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41940.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/socketio/engine.io
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41940
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.82165
EPSS Score 0.01608
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:33:22.939268+00:00 GHSA Importer Import https://github.com/advisories/GHSA-r7qp-cfhv-p84w 38.6.0