Critical Denial of Service Vulnerabilities in Node.js 20 Affect Fedora Users
Severity: High (Score: 74.0)
Sources: Linuxsecurity
Summary
Multiple denial of service vulnerabilities have been identified in Node.js version 20, affecting Fedora operating systems. They include CVE-2026-21717, CVE-2026-21714, CVE-2026-21713, and CVE-2026-21716, all published on March 30, 2026. These vulnerabilities involve predictable hash collisions, crafted HTTP/2 frames, timing oracle issues, and permission bypasses, posing significant risks to applications using Node.js. Additionally, CVE-2026-1525, CVE-2026-1526, CVE-2026-1528, and CVE-2026-1527, published on March 12, 2026, highlight further denial of service risks via WebSocket frames and HTTP request smuggling. The latest updates to Node.js version 20.20.2 aim to address these issues, and users are urged to apply patches immediately. The vulnerabilities could allow attackers to disrupt services and potentially gain unauthorized access to sensitive data. Users of Fedora 43 and 44 are particularly affected and should prioritize updates.
Key Points
- Multiple critical denial of service vulnerabilities identified in Node.js 20.
- Affected systems include Fedora 43 and 44, with urgent patches available.
- Exploitation methods include predictable hash collisions and crafted HTTP/2 frames.
Key Entities
- Data Breach (attack_type)
- DDoS (attack_type)
- Denial of Service (attack_type)
- CVE-2026-1525 (cve)
- CVE-2026-1526 (cve)
- CVE-2026-1527 (cve)
- CVE-2026-1528 (cve)
- CVE-2026-21713 (cve)
- Nghttp2 (platform)
- Node.js (tool)