AIKIDO-2026-10345
@cloudflare/workerd-darwin-64 is vulnerable to Use after free
45
Medium Risk
This Affects:
@cloudflare/workerd-darwin-64TL;DR
Affected versions of this package are affected by a use after free vulnerability in workerd. Under certain conditions, asynchronous request handling paths may retain references to objects associated with request or stream processing after those objects have already been released. This can result in memory safety violations when the stale references are later accessed. An attacker able to trigger these conditions through crafted requests could cause the worker runtime to access freed memory, potentially leading to crashes and denial-of-service. The issue is fixed by improving lifecycle management and ensuring that internal objects cannot be accessed after they have been invalidated.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
@cloudflare/workerd-darwin-64 is vulnerable to Use after free in versions 1.20260226.1 - 1.20260307.1.
How to fix this
Upgrade the @cloudflare library to the patch version.
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant