Critical Security Flaws in Node.js 22 Affecting openSUSE and SUSE Systems

Critical Security Flaws in Node.js 22 Affecting openSUSE and SUSE Systems

First seen 21 Apr 2026, 19:29 UTC Linuxsecurity 97% similarity 70.5

Article Content

Browse articles
ThreatCluster

A significant security update for Node.js 22 has been released, addressing multiple vulnerabilities affecting openSUSE Leap 15.6 and SUSE Linux Enterprise Server 15 SP6. The update includes fixes for CVE-2026-21717, which allows for performance degradation through predictable hash collisions, and CVE-2026-21716, which permits unauthorized modifications to file permissions due to an incomplete fix from a previous vulnerability. Other critical issues include CVE-2026-21715, allowing file existence disclosure, and CVE-2026-21714, which can lead to resource exhaustion via memory leaks in the HTTP/2 server. These vulnerabilities were all published on March 30, 2026, and pose significant risks to systems using Node.js 22. Users are advised to apply the updates immediately to mitigate potential exploitation. The advisory emphasizes the importance of patching to prevent performance impacts and unauthorized access.

Key Points: • Multiple critical vulnerabilities in Node.js 22 require immediate patching. • CVE-2026-21716 allows unauthorized file permission modifications. • Resource exhaustion and performance degradation are significant risks.

ThreatCluster AI

Timeline

2024-09-07
CVE-2024-36137 published
2026-01-20
CVE-2026-21637 published
2026-03-30
CVE-2026-21717, CVE-2026-21716, CVE-2026-21715, CVE-2026-21714 published
2026-03-30
CVE-2026-21713 published
2026-03-30
CVE-2026-21710 published
2026-04-20
SUSE 15 SP7 Node.js 22 update released
2026-04-21
openSUSE 15.6 Node.js 22 update released

Community

Browse all →