Threats Tagged 'cve-2026-21711'

View all threats tagged with 'cve-2026-21711'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: nodejs:24 security update (CVE-2026-1525)

A security advisory from Red Hat addresses multiple vulnerabilities in the Node.js 24 module and related components such as undici, brace-expansion, minimatch, and nghttp2. These vulnerabilities include various denial of service issues, HTTP request smuggling, information disclosure, permission bypass, and unauthorized inter-process communication. The advisory covers 18 CVEs affecting Red Hat Enterprise Linux 9 and related distributions. The update is rated as important by Red Hat Product Security, and fixes are available through updated packages. Users of affected Red Hat Enterprise Linux versions are advised to apply the provided updates to mitigate these vulnerabilities.

Red Hat Security Advisory: nodejs:24 security update (CVE-2026-1525)

This Red Hat security advisory addresses multiple vulnerabilities in the Node.js 24 module and related components such as undici, minimatch, and nghttp2. The issues include various denial of service (DoS) vulnerabilities, HTTP request smuggling, information disclosure, permission bypass, unauthorized inter-process communication, and memory leaks. The advisory covers 17 CVEs affecting Red Hat Enterprise Linux 8 and related distributions. Red Hat has released an update to remediate these vulnerabilities. The severity of the overall update is rated as Important by Red Hat, and the advisory provides detailed references and instructions for applying the update.

Red Hat Security Advisory: nodejs24 security update (CVE-2026-1525)

A security update for Node.js 24 on Red Hat Enterprise Linux 10 addresses multiple vulnerabilities including denial of service, information disclosure, permission bypass, HTTP request smuggling, and unauthorized inter-process communication. The update fixes 18 CVEs affecting components such as undici, nghttp2, brace-expansion, minimatch, and the V8 engine. These vulnerabilities could allow attackers to cause denial of service, leak information, or bypass security restrictions. Red Hat has released patches for these issues as part of advisory RHSA-2026:7675.

CVE-2026-21711: Vulnerability in nodejs node

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
