CVE-2026-48934

Summary

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.

This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

Affected Software

VendorProductVersion RangeStatus
nodejsnode22.22.3 <= 22.22.3affected
nodejsnode24.16.0 <= 24.16.0affected
nodejsnode26.3.0 <= 26.3.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References