GHSA-3h92-9jcv-8677MediumCVSS 4.2
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context...
🔗 CVE IDs covered (1)
📋 Description
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.
This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.