CVE-2026-48930
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.6 / 10
Vector String
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Description
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-284
Source
NVD
Vendor
nodejs
Product
node
Discussion (0)
Add Comment
No comments yet. Be the first!