Threats Tagged 'cve-2026-27904'

Red Hat has issued a security advisory for Node. js 20 on Red Hat Enterprise Linux 9 addressing multiple denial of service vulnerabilities. These include issues in the minimatch library (CVE-2026-26996 and CVE-2026-27904) involving denial of service via crafted glob patterns and catastrophic backtracking, a denial of service in nghttp2 via malformed HTTP/2 frames (CVE-2026-27135), and a denial of service in Node. js triggered by a crafted HTTP __proto__ header (CVE-2026-21710). The advisory rates the update as important and provides updated packages to remediate these issues. No known exploits in the wild have been reported. The advisory references official Red Hat documentation for applying the update.

Multiple denial of service vulnerabilities have been identified in Node. js 20 and related components such as minimatch and nghttp2, affecting Red Hat Enterprise Linux 8. These vulnerabilities include denial of service via specially crafted glob patterns, catastrophic backtracking in glob expressions, malformed HTTP/2 frames after session termination, and crafted HTTP __proto__ headers. Red Hat has issued an important security advisory (RHSA-2026:8339) addressing these issues with updated packages. The advisory provides instructions for applying the update to mitigate these vulnerabilities.

This advisory addresses multiple denial of service (DoS) vulnerabilities in Node. js 20 and related components on Red Hat Enterprise Linux 9. 4 Extended Update Support. The issues include DoS via specially crafted glob patterns and catastrophic backtracking in the minimatch library, malformed HTTP/2 frames in nghttp2, and a crafted HTTP __proto__ header in Node. js itself. These vulnerabilities could cause service disruption by exhausting resources or crashing affected applications. Red Hat has released security updates to fix these issues in the nodejs:20 module. The advisory rates the overall impact as Important (high severity).

A security update for Node. js 20 on Red Hat Enterprise Linux 9. 6 addresses multiple denial of service vulnerabilities. These include issues in the minimatch library related to specially crafted glob patterns and catastrophic backtracking, a flaw in nghttp2 involving malformed HTTP/2 frames after session termination, and a Node. js vulnerability triggered by a crafted HTTP __proto__ header. The update is rated as Important by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated packages to remediate these issues.

This Red Hat security advisory addresses multiple denial of service (DoS) vulnerabilities in Node. js 22 and its dependencies, including brace-expansion, minimatch, undici, nghttp2, and Node. js core. The vulnerabilities involve issues such as unbounded brace range expansion, crafted glob patterns causing catastrophic backtracking, unbounded memory consumption during WebSocket decompression, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. These flaws could allow an attacker to cause service disruption by exhausting resources or causing crashes. The advisory covers Red Hat Enterprise Linux 9. 6 Extended Update Support and related variants. Red Hat has issued an important security update to address these issues. No known exploits in the wild have been reported at this time.

Multiple denial of service vulnerabilities have been identified in Node. js and several of its dependencies, including undici, minimatch, brace-expansion, and nghttp2, affecting Red Hat Enterprise Linux 10 with nodejs22. These vulnerabilities allow denial of service through various means such as unbounded memory consumption, malformed HTTP/2 frames, crafted WebSocket frames, and specially crafted glob patterns. An important security update from Red Hat addresses these issues. The vulnerabilities are rated as having a high security impact. Administrators should apply the provided Red Hat update to remediate these issues.

Multiple denial of service vulnerabilities have been identified in Node. js and several of its dependencies, including brace-expansion, minimatch, undici, and nghttp2, affecting Red Hat Enterprise Linux 8's nodejs:22 module. These vulnerabilities allow denial of service via various vectors such as unbounded brace range expansion, crafted glob patterns, WebSocket frame manipulation, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. Red Hat has issued an important security update addressing these issues. The update rebases nodejs:22 to the latest Node. js 22 release and fixes all listed vulnerabilities. Users of affected Red Hat Enterprise Linux versions should apply the update as per Red Hat's guidance to mitigate these denial of service risks.

Multiple denial of service vulnerabilities and an HTTP request smuggling issue have been identified in Node. js and its dependencies, including brace-expansion, minimatch, undici, and nghttp2. These vulnerabilities affect Red Hat Enterprise Linux 9's nodejs:22 module. The issues include unbounded memory consumption, catastrophic backtracking, malformed HTTP/2 frames, and crafted HTTP headers that can cause denial of service or HTTP request smuggling. Red Hat has released an important security update addressing these vulnerabilities. Users of affected Red Hat Enterprise Linux versions should apply the update to mitigate these risks.

Red Hat has issued a security advisory for nodejs22 on Red Hat Enterprise Linux 10. 0 Extended Update Support addressing multiple denial of service vulnerabilities in Node. js and associated libraries such as minimatch, undici, and nghttp2. The vulnerabilities include denial of service via crafted glob patterns, WebSocket decompression issues, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. These issues could allow an attacker to cause service disruption. The advisory provides updated packages to remediate these vulnerabilities.

Red Hat Developer Hub (RHDH) version 1. 9. 4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage. io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1. 9. 4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.