CVE-2026-21713
CVE-2026-21713 (Node.js HMAC timing side-channel) involves a non-constant-time comparison in HMAC verification, exposing potential timing information proportional to the number of matching bytes. The issue is present across 20.x, 22.x, 24.x, and 25.x releases. The advisories note that Node.js alr...