CVE Vulnerabilities

CVE-2026-48934

Published: Jun 26, 2026 | Modified: Jun 29, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.

This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

Affected Software

NameVendorStart VersionEnd Version
Node.jsNodejs22.22.3 (including)22.22.3 (including)
Node.jsNodejs24.16.0 (including)24.16.0 (including)
Node.jsNodejs26.3.0 (including)26.3.0 (including)
Red Hat Enterprise Linux 10RedHatnodejs24-1:24.18.0-1.el10_2*
Red Hat Enterprise Linux 10RedHatnodejs22-1:22.23.1-2.el10_2*
Red Hat Enterprise Linux 9RedHatnodejs:24-9080020260626074955.rhel9*
Red Hat Enterprise Linux 9RedHatnodejs:22-9080020260626075442.rhel9*
Red Hat Hardened ImagesRedHatnodejs26-main-26.4.0-1.3.hum1*
Red Hat Hardened ImagesRedHatnodejs24-main-24.18.0-0.2.hum1*
Red Hat Hardened ImagesRedHatnodejs22-main-22.23.1-2.hum1*
Red Hat Hardened ImagesRedHatnodejs25-main-25.9.0-1.1.hum1*
Red Hat Hardened ImagesRedHatnodejs20-main-20.20.2-1.hum1*
NodejsUbuntuquesting*

References