CVE Catalog

CVE-2026-48934

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A flaw in Node.js TLS host verification allows an attacker to bypass certificate validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

Risk Assessment

An attacker can exploit this vulnerability to perform a man-in-the-middle attack, impersonating a trusted server and intercepting or modifying transmitted data.

Recommendation

Immediately update Node.js to the latest patched version for the used release line (22, 24, or 26).

Original NVD description (English source)

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS