4 matches found
CVE-2026-21636 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
Linux Distros Unpatched Vulnerability : CVE-2026-21636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without...
PT-2026-3317
Name of the Vulnerable Software and Affected Versions Node.js version 25 Description A flaw in the permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs, such as URLs or socketPa...