Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-21710 (GCVE-0-2026-21710)
Vulnerability from cvelistv5 – Published: 2026-03-30 19:07 – Updated: 2026-03-31 13:55
VLAI?
EPSS
Summary
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.
When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.
* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node |
Affected:
20.20.1 , ≤ 20.20.1
(semver)
Affected: 22.22.1 , ≤ 22.22.1 (semver) Affected: 24.14.0 , ≤ 24.14.0 (semver) Affected: 25.8.1 , ≤ 25.8.1 (semver) Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.* (semver) Affected: 19.0 , < 19.* (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:55:20.665443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:55:23.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "node",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "20.20.1",
"status": "affected",
"version": "20.20.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.22.1",
"status": "affected",
"version": "22.22.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.14.0",
"status": "affected",
"version": "24.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.8.1",
"status": "affected",
"version": "25.8.1",
"versionType": "semver"
},
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "14.*",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "16.*",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "18.*",
"status": "affected",
"version": "18.0",
"versionType": "semver"
},
{
"lessThan": "19.*",
"status": "affected",
"version": "19.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T19:07:28.558Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21710",
"datePublished": "2026-03-30T19:07:28.558Z",
"dateReserved": "2026-01-04T15:00:06.574Z",
"dateUpdated": "2026-03-31T13:55:23.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-21710",
"date": "2026-05-21",
"epss": "0.00031",
"percentile": "0.08962"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21710\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2026-03-30T20:16:18.210\",\"lastModified\":\"2026-04-01T14:24:21.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\\r\\n\\r\\nWhen this occurs, `dest[\\\"__proto__\\\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\\r\\n\\r\\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**\"},{\"lang\":\"es\",\"value\":\"Un fallo en el manejo de solicitudes HTTP de Node.js provoca un \u0027TypeError\u0027 no capturado cuando se recibe una solicitud con un encabezado llamado \u0027__proto__\u0027 y la aplicaci\u00f3n accede a \u0027req.headersDistinct\u0027.\\n\\nCuando esto ocurre, \u0027dest[\\\"__proto__\\\"]\u0027 se resuelve como \u0027Object.prototype\u0027 en lugar de \u0027undefined\u0027, lo que provoca que se llame a \u0027.push()\u0027 en un no-array. Esta excepci\u00f3n se lanza sincr\u00f3nicamente dentro de un accesor de propiedad y no puede ser interceptada por los oyentes de eventos \u0027error\u0027, lo que significa que no puede ser manejada sin envolver cada acceso a \u0027req.headersDistinct\u0027 en un \u0027try/catch\u0027.\\n\\n* Esta vulnerabilidad afecta a todos los servidores HTTP de Node.js en 20.x, 22.x, 24.x y v25.x\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases\",\"source\":\"support@hackerone.com\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"node\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.20.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"20.20.1\"}, {\"status\": \"affected\", \"version\": \"22.22.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.22.1\"}, {\"status\": \"affected\", \"version\": \"24.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"24.14.0\"}, {\"status\": \"affected\", \"version\": \"25.8.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"25.8.1\"}, {\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"16.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"19.0\", \"lessThan\": \"19.*\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\\r\\n\\r\\nWhen this occurs, `dest[\\\"__proto__\\\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\\r\\n\\r\\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2026-03-30T19:07:28.558Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21710\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-31T13:55:20.665443Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-31T13:55:13.442Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21710\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T19:07:28.558Z\", \"dateReserved\": \"2026-01-04T15:00:06.574Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2026-03-30T19:07:28.558Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:1509-1
Vulnerability from csaf_suse - Published: 2026-04-21 06:27 - Updated: 2026-04-21 06:27Summary
Security update for nodejs22
Severity
Important
Notes
Title of the patch: Security update for nodejs22
Description of the patch: This update for nodejs22 fixes the following issues:
Update to version 22.22.2.
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
Patchnames: SUSE-2026-1509,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues:\n\nUpdate to version 22.22.2.\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1509,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1509-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1509-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261509-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1509-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025509.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-04-21T06:27:53Z",
"generator": {
"date": "2026-04-21T06:27:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1509-1",
"initial_release_date": "2026-04-21T06:27:53Z",
"revision_history": [
{
"date": "2026-04-21T06:27:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.aarch64",
"product_id": "corepack22-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"product_id": "nodejs22-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.aarch64",
"product_id": "npm22-22.22.2-150600.13.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.i586",
"product_id": "corepack22-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.i586",
"product_id": "nodejs22-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.i586",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.i586",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.i586",
"product_id": "npm22-22.22.2-150600.13.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"product": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"product_id": "nodejs22-docs-22.22.2-150600.13.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "corepack22-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "nodejs22-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "npm22-22.22.2-150600.13.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.s390x",
"product_id": "corepack22-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.s390x",
"product_id": "nodejs22-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.s390x",
"product_id": "npm22-22.22.2-150600.13.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.x86_64",
"product_id": "corepack22-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"product_id": "nodejs22-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64",
"product_id": "npm22-22.22.2-150600.13.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch"
},
"product_reference": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch"
},
"product_reference": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
SUSE-SU-2026:21181-1
Vulnerability from csaf_suse - Published: 2026-04-13 10:59 - Updated: 2026-04-13 10:59Summary
Security update for nodejs24
Severity
Important
Notes
Title of the patch: Security update for nodejs24
Description of the patch: This update for nodejs24 fixes the following issues:
Update to version 24.14.1.
Security issues fixed:
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a
malformed IDN (bsc#1260460).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client
certificates (bsc#1256572).
Other updates and bugfixes:
- Version 24.14.0:
* async_hooks: add trackPromises option to createHook()
* build,deps: replace cjs-module-lexer with merve
* deps: add LIEF as a dependency
* events: repurpose events.listenerCount() to accept EventTargets
* fs: add ignore option to fs.watch
* http: add http.setGlobalProxyFromEnv()
* module: allow subpath imports that start with #/
* process: preserve AsyncLocalStorage in queueMicrotask only when needed
* sea: split sea binary manipulation code
* sqlite: enable defensive mode by default
* sqlite: add sqlite prepare options args
* src: add initial support for ESM in embedder API
* stream: add bytes() method to node:stream/consumers
* stream: do not pass readable.compose() output via Readable.from()
* test: use fixture directories for sea tests
* test_runner: add env option to run function
* test_runner: support expecting a test-case to fail
* util: add convertProcessSignalToExitCode utility
* For details, see https://nodejs.org/en/blog/release/v24.14.0
Patchnames: SUSE-SLES-16.0-541
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs24 fixes the following issues:\n\nUpdate to version 24.14.1.\n\nSecurity issues fixed:\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a\n malformed IDN (bsc#1260460).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client\n certificates (bsc#1256572).\n\nOther updates and bugfixes:\n\n- Version 24.14.0:\n * async_hooks: add trackPromises option to createHook()\n * build,deps: replace cjs-module-lexer with merve\n * deps: add LIEF as a dependency\n * events: repurpose events.listenerCount() to accept EventTargets\n * fs: add ignore option to fs.watch\n * http: add http.setGlobalProxyFromEnv()\n * module: allow subpath imports that start with #/\n * process: preserve AsyncLocalStorage in queueMicrotask only when needed\n * sea: split sea binary manipulation code\n * sqlite: enable defensive mode by default\n * sqlite: add sqlite prepare options args\n * src: add initial support for ESM in embedder API\n * stream: add bytes() method to node:stream/consumers\n * stream: do not pass readable.compose() output via Readable.from()\n * test: use fixture directories for sea tests\n * test_runner: add env option to run function\n * test_runner: support expecting a test-case to fail\n * util: add convertProcessSignalToExitCode utility\n * For details, see https://nodejs.org/en/blog/release/v24.14.0\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-541",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21181-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21181-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621181-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21181-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025537.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256572",
"url": "https://bugzilla.suse.com/1256572"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260460",
"url": "https://bugzilla.suse.com/1260460"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59464 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21712 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs24",
"tracking": {
"current_release_date": "2026-04-13T10:59:52Z",
"generator": {
"date": "2026-04-13T10:59:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21181-1",
"initial_release_date": "2026-04-13T10:59:52Z",
"revision_history": [
{
"date": "2026-04-13T10:59:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "corepack24-24.14.1-160000.1.1.aarch64",
"product_id": "corepack24-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64",
"product_id": "nodejs24-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "npm24-24.14.1-160000.1.1.aarch64",
"product_id": "npm24-24.14.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"product": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"product_id": "nodejs24-docs-24.14.1-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le",
"product_id": "corepack24-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le",
"product_id": "nodejs24-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "npm24-24.14.1-160000.1.1.ppc64le",
"product_id": "npm24-24.14.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.s390x",
"product": {
"name": "corepack24-24.14.1-160000.1.1.s390x",
"product_id": "corepack24-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.s390x",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.s390x",
"product_id": "nodejs24-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.s390x",
"product": {
"name": "npm24-24.14.1-160000.1.1.s390x",
"product_id": "npm24-24.14.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "corepack24-24.14.1-160000.1.1.x86_64",
"product_id": "corepack24-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64",
"product_id": "nodejs24-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "npm24-24.14.1-160000.1.1.x86_64",
"product_id": "npm24-24.14.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "corepack24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x"
},
"product_reference": "corepack24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch"
},
"product_reference": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "npm24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "npm24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x"
},
"product_reference": "npm24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "npm24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "corepack24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x"
},
"product_reference": "corepack24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch"
},
"product_reference": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "npm24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "npm24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x"
},
"product_reference": "npm24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "npm24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59464"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in Node.js\u0027s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59464",
"url": "https://www.suse.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "SUSE Bug 1256572 for CVE-2025-59464",
"url": "https://bugzilla.suse.com/1256572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-59464"
},
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21712"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21712",
"url": "https://www.suse.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "SUSE Bug 1260460 for CVE-2026-21712",
"url": "https://bugzilla.suse.com/1260460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21712"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
WID-SEC-W-2026-0843
Vulnerability from csaf_certbund - Published: 2026-03-24 23:00 - Updated: 2026-04-09 22:00Summary
Node.js: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsmaßnahmen zu umgehen und Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0843 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0843.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0843 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0843"
},
{
"category": "external",
"summary": "Node.js Security Releases vom 2026-03-24",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6183 vom 2026-03-29",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00092.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7123 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:7123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7123 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7080 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7302 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:7302"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7310 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7302 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7350 vom 2026-04-10",
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7123 vom 2026-04-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-7123.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10504-1 vom 2026-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GLUZJOSPBAG2HKNV2YSYYK4DULF2TNN/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7350 vom 2026-04-10",
"url": "https://errata.build.resf.org/RLSA-2026:7350"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7080 vom 2026-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-7080.html"
}
],
"source_lang": "en-US",
"title": "Node.js: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T07:10:06.155+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0843",
"initial_release_date": "2026-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-17093, EUVD-2026-17174, EUVD-2026-17176, EUVD-2026-17178, EUVD-2026-17182, EUVD-2026-17170, EUVD-2026-17172"
},
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat, Oracle Linux und openSUSE aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.20.2",
"product": {
"name": "Open Source Node.js \u003c20.20.2",
"product_id": "T052111"
}
},
{
"category": "product_version",
"name": "20.20.2",
"product": {
"name": "Open Source Node.js 20.20.2",
"product_id": "T052111-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:20.20.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.22.2",
"product": {
"name": "Open Source Node.js \u003c22.22.2",
"product_id": "T052112"
}
},
{
"category": "product_version",
"name": "22.22.2",
"product": {
"name": "Open Source Node.js 22.22.2",
"product_id": "T052112-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:22.22.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.14.1",
"product": {
"name": "Open Source Node.js \u003c24.14.1",
"product_id": "T052113"
}
},
{
"category": "product_version",
"name": "24.14.1",
"product": {
"name": "Open Source Node.js 24.14.1",
"product_id": "T052113-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:24.14.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c25.8.2",
"product": {
"name": "Open Source Node.js \u003c25.8.2",
"product_id": "T052114"
}
},
{
"category": "product_version",
"name": "25.8.2",
"product": {
"name": "Open Source Node.js 25.8.2",
"product_id": "T052114-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:25.8.2"
}
}
}
],
"category": "product_name",
"name": "Node.js"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36137",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2024-36137"
},
{
"cve": "CVE-2026-21637",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21711",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21711"
},
{
"cve": "CVE-2026-21712",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21712"
},
{
"cve": "CVE-2026-21713",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"product_status": {
"known_affected": [
"2951",
"67646",
"T027843",
"T004914",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21717"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…