{"vulnerability": "cve-2026-48933", "sightings": [{"uuid": "9b4c1ddd-28e2-4aa5-baef-cd94354bd3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mon66r4i6w2y", "content": "Node.js fixed 13 CVEs across 22.23.0, 24.17.0 and 26.3.1. The two HIGH-rated ones stand out: a WebCrypto AES integer overflow (CVE-2026-48933) that aborts the process, and a TLS authentication bypass (CVE-2026-48618). Is your CI pinned to a patched minor yet?\n\n#nodejs", "creation_timestamp": "2026-06-19T10:48:46.622778Z"}, {"uuid": "8c9fd8b6-47b2-4dc5-9ec1-4d5c7bc261f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3moni2fdzi32c", "content": "\ud83d\udd17 CVE : CVE-2026-21636, CVE-2026-48615, CVE-2026-48617, CVE-2026-48618, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48931, CVE-2026-48933, CVE-2026-48934, CVE-2026-48935, CVE-2026-48936, CVE-2026-48937", "creation_timestamp": "2026-06-19T13:45:18.313785Z"}, {"uuid": "65930e07-941a-445f-b7e1-4d989341cc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3motlougng225", "content": "Node.js\u30012026\u5e746\u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30ea\u30fc\u30b9\u306712\u4ef6\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63(CVE-2026-48933,CVE-2026-48618)\u4ed6\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-22T00:06:27.079098Z"}, {"uuid": "95dc9194-0200-442e-9765-c4fa00395e2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260622", "content": "", "creation_timestamp": "2026-06-21T19:00:00.000000Z"}, {"uuid": "2e759e89-9722-4ff8-abae-3350145970ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vjkhvop2u", "content": "CVE-2026-48933 - Node.js WebCrypto Denial of Service\nCVE ID : CVE-2026-48933\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\n\nTh...", "creation_timestamp": "2026-06-26T02:29:00.087404Z"}, {"uuid": "d27b5ca8-b7e3-4552-af25-bb7987a26943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp64cqknvp2o", "content": "Node.js WebCrypto (v22.22.3, 24.16.0, 26.3.0) faces a HIGH severity bug \u2014 CVE-2026-48933. Integer overflow in subtle.encrypt() can crash Node.js with 2 GiB+ input. Avoid large inputs & watch for patches. \ud83d\udeab https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78...", "creation_timestamp": "2026-06-26T04:30:28.498694Z"}, {"uuid": "91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116814526921125903", "content": "Node.js WebCrypto in v22.22.3, v24.16.0, v26.3.0 is affected by CVE-2026-48933 (HIGH). Integer overflow in subtle.encrypt() can crash processes with inputs \u2265 2 GiB, causing DoS. Avoid large inputs while awaiting a fix. \ud83d\udd10 https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78fed81dbe #OffSeq #Nodejs #Vuln", "creation_timestamp": "2026-06-26T04:30:31.789409Z"}]}