Threats Tagged 'cve-2026-2581'

A security advisory from Red Hat addresses multiple vulnerabilities in the Node. js 24 module and related components such as undici, brace-expansion, minimatch, and nghttp2. These vulnerabilities include various denial of service issues, HTTP request smuggling, information disclosure, permission bypass, and unauthorized inter-process communication. The advisory covers 18 CVEs affecting Red Hat Enterprise Linux 9 and related distributions. The update is rated as important by Red Hat Product Security, and fixes are available through updated packages. Users of affected Red Hat Enterprise Linux versions are advised to apply the provided updates to mitigate these vulnerabilities.

This Red Hat security advisory addresses multiple vulnerabilities in the Node. js 24 module and related components such as undici, minimatch, and nghttp2. The issues include various denial of service (DoS) vulnerabilities, HTTP request smuggling, information disclosure, permission bypass, unauthorized inter-process communication, and memory leaks. The advisory covers 17 CVEs affecting Red Hat Enterprise Linux 8 and related distributions. Red Hat has released an update to remediate these vulnerabilities. The severity of the overall update is rated as Important by Red Hat, and the advisory provides detailed references and instructions for applying the update.

A security update for Node. js 24 on Red Hat Enterprise Linux 10 addresses multiple vulnerabilities including denial of service, information disclosure, permission bypass, HTTP request smuggling, and unauthorized inter-process communication. The update fixes 18 CVEs affecting components such as undici, nghttp2, brace-expansion, minimatch, and the V8 engine. These vulnerabilities could allow attackers to cause denial of service, leak information, or bypass security restrictions. Red Hat has released patches for these issues as part of advisory RHSA-2026:7675.