CVE-2026-48934
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
A flaw in Node.js TLS host verification allows an attacker to bypass certificate validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
Risk Assessment
An attacker can exploit this vulnerability to perform a man-in-the-middle attack, impersonating a trusted server and intercepting or modifying transmitted data.
Recommendation
Immediately update Node.js to the latest patched version for the used release line (22, 24, or 26).
Original NVD description (English source)
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

