13 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.4.0-1.4.hum1 aarch64, x8664 nodejs26-bin-26.4.0-1.4.hum1 noarch nodejs26-devel-26.4.0-1.4.hum1 aarch64, x8664 nodejs26-docs-26.4.0-1.4.hum1 noarch...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.4.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.4.0-1.3.hum1 noarch nodejs26-devel-26.4.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.4.0-1.3.hum1 noarch...
BIT-NODE-MIN-2026-48936
A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...
BIT-NODE-2026-48936
A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...
CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
CVE-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
EUVD-2026-39606
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...
CVE-2026-48934
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.4.0-1.2.hum1 aarch64, x8664 nodejs26-bin-26.4.0-1.2.hum1 noarch nodejs26-devel-26.4.0-1.2.hum1 aarch64, x8664 nodejs26-docs-26.4.0-1.2.hum1 noarch...
CVE-2026-48931
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
PT-2026-52058
Name of the Vulnerable Software and Affected Versions Node.js versions 22.x, 24.x, and 26.x prior to 26.3.1-1.1 Description A flaw in the Node.js HTTP/2 client enables a server to send an unlimited number of ORIGIN frames, potentially causing an Out of Memory error on the client side...
PT-2026-52061
Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.x and earlier Description A flaw in TLS hostname handling allows embedded-nul hostnames to cause silent authority rebinding. This occurs due to c-string...