3 matches found
CVE-2026-21636 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-21636
creationtimestamp| type| source ---|---|--- 2026-01-14 15:25:23+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mcfevpldtt2g 2026-01-21 08:28:31+00:00| seen| https://gist.github.com/Darkcrai86/1d5da37efe8966fe505e8cc0d04e78ff 2026-01-29 17:59:13+00:00| seen|...
SUSE CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...