6 matches found
ROOT-APP-NPM-CVE-2026-22036 CVE-2026-22036 in @rootio/undici - Patched by Root
Root has patched CVE-2026-22036 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
CVE-2026-22036 vulnerabilities
Vulnerabilities for packages: gemini-cli, langfuse-fips, code-server, kibana, librechat, renovate, jitsucom-jitsu, langfuse...
0utmailauth (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +13812 more potentially affected by CVE-2026-22036 via undici (>=0.3.3 <=6.22.0)
undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-22036 Source advisory: OSV:GHSA-G9MF-H72J-4RW9...
@01.software/sdk (>=0.0.1-251008.90016 <=0.1.0-dev.260109.7cf07c9), @adenta/cms (>=0.0.6 <=1.1.1-0) +257 more potentially affected by CVE-2026-22036 via undici (>=7.0.0 <=7.18.0)
undici NPM version =7.0.0, =0.0.1-251008.90016, =0.0.6, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1-dev.120, =12.6.9, =0.1.6, =0.13.70, =1.13.0, =1.21.0 and more Source cves: CVE-2026-22036 Source advisory: OSV:GHSA-G9MF-H72J-4RW9...
CVE-2026-22036
creationtimestamp| type| source ---|---|--- 2026-01-14 20:28:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcfvtsd2pl2c 2026-01-15 08:20:31+00:00| seen| https://gist.github.com/Darkcrai86/88fd735daaf5212a2932ca1c1bdd8c2f 2026-01-24 21:24:57+00:00| seen|...
DEBIAN-CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...