CNNVD-202601-3174 Information

CNNVD ID

CNNVD-202601-3174

Related CVE

CVE-2026-21637

• CNNVD Published: 2026-01-20

Description (Chinese)

Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js存在安全漏洞，该漏洞源于TLS错误处理存在缺陷，当使用pskCallback或ALPNCallback时，远程攻击者可能使TLS服务器崩溃或耗尽资源，导致拒绝服务。

Description (English)

Node.js is an open-source, cross-platform JavaScript running environment for Node.js. There is a security loophole in Node.js, which stems from deficiencies in TLS error handling, and when pskCallback or ALPNCallback are used, remote attackers may cause the TLS server to collapse or exhaust resources, leading to the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Node.js

Published

2026-01-20

Last Modified

2026-02-24

References

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://access.redhat.com/security/cve/cve-2026-21637

Patch

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases