Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-6734 (GCVE-0-2026-6734)
Vulnerability from cvelistv5 – Published: 2026-06-17 16:36 – Updated: 2026-06-17 18:26
VLAI
EPSS
Title
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Summary
Impact:
When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.
This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.
Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.
This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.
Patches:
Upgrade to undici v7.26.0 or v8.2.0.
Workarounds:
Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
Credits
ChALkeR
mcollina
UlisesGascon
deepview-autofix
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T18:26:41.848641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T18:26:51.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/undici",
"product": "undici",
"vendor": "undici",
"versions": [
{
"lessThan": "7.26.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.26.0",
"versionType": "semver"
},
{
"lessThan": "8.2.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ChALkeR"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "mcollina"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "UlisesGascon"
},
{
"lang": "en",
"type": "finder",
"value": "deepview-autofix"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool\u0027s origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\n\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\n\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\n\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\n\nPatches:\nUpgrade to undici v7.26.0 or v8.2.0.\n\nWorkarounds:\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins."
}
],
"value": "Impact:\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool\u0027s origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\n\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\n\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\n\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\n\nPatches:\nUpgrade to undici v7.26.0 or v8.2.0.\n\nWorkarounds:\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T16:36:55.439Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-6734",
"datePublished": "2026-06-17T16:36:55.439Z",
"dateReserved": "2026-04-20T22:57:40.878Z",
"dateUpdated": "2026-06-17T18:26:51.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"shortName\": \"openjs\", \"dateUpdated\": \"2026-06-17T16:36:55.439Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Impact:\\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool\u0027s origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\\n\\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\\n\\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\\n\\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\\n\\nPatches:\\nUpgrade to undici v7.26.0 or v8.2.0.\\n\\nWorkarounds:\\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"Impact:\\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool\u0027s origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\\n\\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\\n\\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\\n\\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\\n\\nPatches:\\nUpgrade to undici v7.26.0 or v8.2.0.\\n\\nWorkarounds:\\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.\"}]}], \"affected\": [{\"vendor\": \"undici\", \"product\": \"undici\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"status\": \"affected\", \"version\": \"7.23.0\", \"lessThan\": \"7.26.0\"}, {\"versionType\": \"semver\", \"status\": \"unaffected\", \"version\": \"7.26.0\"}, {\"versionType\": \"semver\", \"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.2.0\"}, {\"versionType\": \"semver\", \"status\": \"unaffected\", \"version\": \"8.2.0\"}], \"packageURL\": \"pkg:npm/undici\"}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj\"}, {\"url\": \"https://cna.openjsf.org/security-advisories.html\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"ChALkeR\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"mcollina\"}, {\"lang\": \"en\", \"type\": \"remediation verifier\", \"value\": \"UlisesGascon\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"deepview-autofix\"}], \"title\": \"undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-346\", \"lang\": \"en\", \"description\": \"CWE-346: Origin Validation Error\", \"type\": \"CWE\"}]}], \"x_generator\": {\"engine\": \"cve-kit 1.0.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6734\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T18:26:41.848641Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T18:26:47.055Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-6734\", \"assignerOrgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"openjs\", \"dateReserved\": \"2026-04-20T22:57:40.878Z\", \"datePublished\": \"2026-06-17T16:36:55.439Z\", \"dateUpdated\": \"2026-06-17T18:26:51.736Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-6734
Vulnerability from fkie_nvd - Published: 2026-06-17 18:18 - Updated: 2026-06-17 20:20
Severity
Summary
Impact:
When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.
This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.
Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.
This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.
Patches:
Upgrade to undici v7.26.0 or v8.2.0.
Workarounds:
Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/undici",
"product": "undici",
"vendor": "undici",
"versions": [
{
"lessThan": "7.26.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.26.0",
"versionType": "semver"
},
{
"lessThan": "8.2.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.2.0",
"versionType": "semver"
}
]
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Impact:\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool\u0027s origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\n\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\n\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\n\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\n\nPatches:\nUpgrade to undici v7.26.0 or v8.2.0.\n\nWorkarounds:\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins."
}
],
"id": "CVE-2026-6734",
"lastModified": "2026-06-17T20:20:10.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-6734",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T18:26:41.848641Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T18:18:05.617",
"references": [
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"sourceIdentifier": "ce714d77-add3-4f53-aff5-83d477b104bb",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
}
]
}
RHSA-2026:7378
Vulnerability from csaf_redhat - Published: 2026-04-10 13:03 - Updated: 2026-06-18 01:21Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
50 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7378",
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59464",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55132",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55131",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55130",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7378.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-18T01:21:13+00:00",
"generator": {
"date": "2026-06-18T01:21:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:7378",
"initial_release_date": "2026-04-10T13:03:00+00:00",
"revision_history": [
{
"date": "2026-04-10T13:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T01:09:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-18T01:21:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@aarch64",
"product": {
"name": "nodejs25-main@aarch64",
"product_id": "nodejs25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@src",
"product": {
"name": "nodejs25-main@src",
"product_id": "nodejs25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@x86_64",
"product": {
"name": "nodejs25-main@x86_64",
"product_id": "nodejs25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@noarch",
"product": {
"name": "nodejs25-main@noarch",
"product_id": "nodejs25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25-bin@25.9.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@aarch64"
},
"product_reference": "nodejs25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@noarch"
},
"product_reference": "nodejs25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@src"
},
"product_reference": "nodejs25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@x86_64"
},
"product_reference": "nodejs25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55130",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:03:01.083023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431352"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js\u2019s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs file permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "RHBZ#2431352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.393000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs file permissions bypass"
},
{
"cve": "CVE-2025-55131",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-01-20T21:02:45.759578+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431350"
}
],
"notes": [
{
"category": "description",
"text": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js\u0027s buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs uninitialized memory exposure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "RHBZ#2431350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.591000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs uninitialized memory exposure"
},
{
"cve": "CVE-2025-55132",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:01:12.192484+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431338"
}
],
"notes": [
{
"category": "description",
"text": "A file access flaw has been discovered in NodeJS. A file\u0027s access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs filesystem permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "RHBZ#2431338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.620000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs filesystem permissions bypass"
},
{
"cve": "CVE-2025-59464",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-20T21:01:52.581156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431344"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js\u2019s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "RHBZ#2431344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.599000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs memory leak"
},
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…