Lucene search
K

6 matches found

OSV
OSV
added 2026/06/30 11:26 a.m.4 views

ROOT-APP-NPM-CVE-2026-22036 CVE-2026-22036 in @rootio/undici - Patched by Root

Root has patched CVE-2026-22036 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

5.9CVSS5.9AI score0.00433EPSS
Exploits0
Chainguard
Chainguard
added 2026/01/20 7:20 p.m.8 views

CVE-2026-22036 vulnerabilities

Vulnerabilities for packages: gemini-cli, langfuse-fips, code-server, kibana, librechat, renovate, jitsucom-jitsu, langfuse...

7.5CVSS6.7AI score0.00433EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/14 9:6 p.m.4 views

0utmailauth (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +13812 more potentially affected by CVE-2026-22036 via undici (>=0.3.3 <=6.22.0)

undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-22036 Source advisory: OSV:GHSA-G9MF-H72J-4RW9...

7.5CVSS6.6AI score0.00433EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/14 9:6 p.m.6 views

@01.software/sdk (>=0.0.1-251008.90016 <=0.1.0-dev.260109.7cf07c9), @adenta/cms (>=0.0.6 <=1.1.1-0) +257 more potentially affected by CVE-2026-22036 via undici (>=7.0.0 <=7.18.0)

undici NPM version =7.0.0, =0.0.1-251008.90016, =0.0.6, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1-dev.120, =12.6.9, =0.1.6, =0.13.70, =1.13.0, =1.21.0 and more Source cves: CVE-2026-22036 Source advisory: OSV:GHSA-G9MF-H72J-4RW9...

7.5CVSS6.6AI score0.00433EPSS
Exploits0
Circl
Circl
added 2026/01/14 8:28 p.m.2 views

CVE-2026-22036

creationtimestamp| type| source ---|---|--- 2026-01-14 20:28:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcfvtsd2pl2c 2026-01-15 08:20:31+00:00| seen| https://gist.github.com/Darkcrai86/88fd735daaf5212a2932ca1c1bdd8c2f 2026-01-24 21:24:57+00:00| seen|...

7.5CVSS6.4AI score0.00433EPSS
Exploits0References4
OSV
OSV
added 2026/01/14 7:16 p.m.1 views

DEBIAN-CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1
Rows per page
Query Builder