Critical Security Flaws in Node.js 22 Affecting openSUSE and SUSE Systems
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Summary
A significant security update for Node.js 22 has been released, addressing multiple vulnerabilities affecting openSUSE Leap 15.6 and SUSE Linux Enterprise Server 15 SP6. The update includes fixes for CVE-2026-21717, which allows for performance degradation through predictable hash collisions, and CVE-2026-21716, which permits unauthorized modifications to file permissions due to an incomplete fix for a previous vulnerability. Other critical issues include CVE-2026-21715, allowing file existence disclosure, and CVE-2026-21714, which can lead to resource exhaustion via memory leaks in the HTTP/2 server. These vulnerabilities were all published on March 30, 2026, and pose significant risks to systems using Node.js 22. Users are advised to apply the updates immediately to mitigate potential exploitation. The advisory emphasizes the importance of patching to prevent performance impacts and unauthorized access.
Key Points:
- Multiple critical vulnerabilities in Node.js 22 require immediate patching.
- CVE-2026-21716 allows unauthorized file permission modifications.
- Resource exhaustion and performance degradation are significant risks.
Key Entities
- CVE-2024-36137 (cve)
- CVE-2026-21637 (cve)
- CVE-2026-21710 (cve)
- CVE-2026-21713 (cve)
- CVE-2026-21714 (cve)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-22 - Path Traversal (cwe)
- CWE-269 - Improper Privilege Management (cwe)
- Node.js (tool)
- openSUSE Leap 15.6 (platform)
- SUSE Linux Enterprise Server 15 SP6 LTSS (platform)
- SUSE Linux Enterprise Server For SAP Applications 15 SP6 (platform)