- Description
- A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
- Source
- support@hackerone.com
- NVD status
- Modified
- Products
- node.js
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos Node.js ❗ CVE-2026-48933 ❗ CVE-2026-48618 ➡️ Más info: https://t.co/T7ozh8Eldm https://t.co/HuO8PJ3WnA
@CERTpy
2 Jul 2026
206 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Node.js、2026年6月のセキュリティリリースで12件の脆弱性を修正(CVE-2026-48933,CVE-2026-48618)他 https://t.co/9aJi3HQB4i #セキュリティ対策Lab #security #securitynews
@securityLab_jp
22 Jun 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Node.js patched all active LTS lines on June 18. CVE-2026-48618: IPv6 dots bypass TLS wildcard certs. CVE-2026-48933: WebCrypto AES crash, remote process abort. Patch to 22.23.0 / 24.17.0 / 26.3.1. How long before your team ships this?
@dartilesm
21 Jun 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Node.js shipped 22.23.0, 24.17.0 and 26.3.1 on June 18, fixing 13 CVEs. Two are rated HIGH: CVE-2026-48933, a WebCrypto AES integer overflow that aborts the process, and CVE-2026-48618, a TLS wildcard-depth check fooled by a Unicode dot separator. Which release line do you run?
@canartuc
19 Jun 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Node.jsが複数の深刻な脆弱性を修正。WebCrypto AESの整数オーバーフローCVE-2026-48933とTLSのホスト名取扱におけるUnicode中点の取扱不備CVE-2026-48618。その他脆弱性複数も修正されている。 https://t.co/mt8onCMwN7
@__kokumoto
18 Jun 2026
412 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Protect your servers with the latest Node.js security updates. Patch critical vulnerabilities like CVE-2026-48933 to secure your infrastructure today. #NodeJS #SecurityUpdates #Cybersecurity #CVE #WebSecurity https://t.co/NyM9rB2X29 https://t.co/gAz8IUJpzm
@the_yellow_fall
18 Jun 2026
345 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*",
"matchCriteriaId": "3C0C5080-5F99-4651-9855-2DE03C9070C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*",
"matchCriteriaId": "3B912C84-1AA5-4D74-AB1A-64162C80A33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*",
"matchCriteriaId": "8152ACE6-3CAF-4CA0-8B19-D4753811EB44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]