RHSA-2026:39246HighCVSS 8.1

Red Hat Security Advisory: nodejs22 security update

Published
July 14, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (5)

📋 Description

CVE-2026-12151 — undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames CVE-2026-42338 — ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-48615 — nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling CVE-2026-48618 — nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch CVE-2026-48933 — nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

🔗 References (8)