CVE-2026-48931

CVSS Score & Metrics

Base Score

3.7 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Vulnerability Details

Published Date

June 22, 2026

Last Modified

June 22, 2026

CWE ID

CWE-367

Source

NVD

Vendor

nodejs

Product

node

External References

https://nodejs.org/en/blog/vulnerability/june-2026-security-releases

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment