CVE-2026-21716 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21716 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

SUSE-SU-2026:1299-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: - Update to 24.14.1 - CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. - CVE-2026-21710: uncaught TypeError exception can cause a...

CVE-2026-21716 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2026-21716 vulnerabilities

Vulnerabilities for packages: nodejs...

Photon OS 4.0: Nodejs PHSA-2026-4.0-0995

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0995. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched. As a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.

...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

DEBIAN-CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

SUSE CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260325 2026-03-30 20:05:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3michjcdym62q 2026-03-30 22:50:34+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-21716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their...