CNNVD-202601-3175 Information

CNNVD ID

CNNVD-202601-3175

Related CVE

CVE-2026-21636

• CNNVD Published: 2026-01-20

Description (Chinese)

Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js v25版本存在安全漏洞，该漏洞源于权限模型存在缺陷，允许Unix域套接字连接绕过网络限制，可能导致访问特权本地服务，引发权限提升、数据泄露或本地代码执行。

Description (English)

Node.js is an open-source, cross-platform JavaScript running environment for Node.js. Node.js v25 has a security loophole, which stems from a bug in the permission model, allowing the Unix domain package connection to bypass network restrictions, which may lead to access to privileged local services, leading to a power upgrade, data leak or local code enforcement.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Node.js

Published

2026-01-20

Last Modified

2026-02-24

References

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://access.redhat.com/security/cve/cve-2026-21636

Patch

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases