GHSA-hwhp-f859-r728LowCVSS 3.3

A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket...

Published
June 26, 2026
Last Modified
June 26, 2026

🔗 CVE IDs covered (1)

📋 Description

A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the --allow-net permission.

This vulnerability affects one supported release line: Node.js 26.

🔗 References (3)