PT-2026-52064

Name of the Vulnerable Software and Affected Versions Node.js versions 26.0.0 through 26.3.0 Description A flaw in the Node.js Permission API allows a local server to be started via a Unix domain socket, bypassing the requirement for the --allow-net permission. Recommendations Update to version...

PT-2026-52063

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.x Description A flaw in the Node.js Permission API allows file metadata to be modified even when a path is configured as read-only, such as when using the --allow-fs-read flag...

PT-2026-52060

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.0.0 through 26.3.0 Description An inconsistency in hostname matching can lead to a trust-policy bypass within multi-context mTLS mutual Transport Layer...

PT-2026-52062

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in the TLS host verification process allows an attacker to bypass certification validation. Recommendations Update Node.js to version 26.3.1 or later...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.3.0-1.2.hum1 aarch64, x8664 nodejs26-bin-26.3.0-1.2.hum1 noarch nodejs26-devel-26.3.0-1.2.hum1 aarch64, x8664 nodejs26-docs-26.3.0-1.2.hum1 noarch...