CNNVD-202601-3186 Information
Jan 20, 2026
cve
CNNVD ID
CNNVD-202601-3186
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js v20版本、v22版本、v24版本和v25版本存在安全漏洞,该漏洞源于权限模型缺陷,可能导致攻击者绕过文件系统读写限制,实现任意文件读写和潜在系统破解。
Description (English)
Node.js is an open-source, cross-platform JavaScript running environment for Node.js. Node.js v20, v22, v24 and v25 have a security loophole, which stems from a power model defect that could lead the attackers to bypass the reading and writing restrictions of the document system and to achieve the reading and writing of any document and potential system breakdown.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Node.js
Published
2026-01-20
Last Modified
2026-02-24
References
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Patch
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Share on: