A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.
This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Node.js | Nodejs | 22.22.3 (including) | 22.22.3 (including) |
| Node.js | Nodejs | 24.16.0 (including) | 24.16.0 (including) |
| Node.js | Nodejs | 26.3.0 (including) | 26.3.0 (including) |
| Red Hat Enterprise Linux 10 | RedHat | nodejs24-1:24.18.0-1.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | nodejs22-1:22.23.1-2.el10_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:24-9080020260626074955.rhel9 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:22-9080020260626075442.rhel9 | * |
| Red Hat Hardened Images | RedHat | nodejs26-main-26.4.0-1.3.hum1 | * |
| Red Hat Hardened Images | RedHat | nodejs24-main-24.18.0-0.2.hum1 | * |
| Red Hat Hardened Images | RedHat | nodejs22-main-22.23.1-2.hum1 | * |
| Red Hat Hardened Images | RedHat | nodejs25-main-25.9.0-1.1.hum1 | * |
| Red Hat Hardened Images | RedHat | nodejs20-main-20.20.2-1.hum1 | * |
| Nodejs | Ubuntu | questing | * |