Fedora 44 Node.js 22.22.2 Important DoS Advisory FEDORA-2026-3b76d8047d

fedora

May 8, 2026

Update to version 22.22.2

Summary

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

Update Information:

Update to version 22.22.2

Topics Covered

security advisory denial of service fedora update important nodejs22

Change Log

* Wed Apr 8 2026 tjuhasz - 1:22.22.2-3 - Rework of update of nghttp2 * Wed Apr 8 2026 tjuhasz - 1:22.22.2-2 - Update bundled nghttp2 to 1.68.1 * Wed Apr 8 2026 tjuhasz - 1:22.22.2-1 - Update to version 22.22.2 (rhbz#2444849) * Wed Apr 8 2026 tjuhasz - 1:22.22.1-1 - Update to version 22.22.1 (rhbz#2444849) * Wed Apr 8 2026 tjuhasz - 1:22.22.0-9 - Remove disablement of LTO from specfile * Wed Apr 8 2026 Andrei Radchenko - 1:22.22.0-8 - spec: remove obsolete requires

References

[ 1 ] Bug #2447160 - CVE-2026-1528 nodejs22: undici: Denial of Service via crafted WebSocket frame with large length [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447160 [ 2 ] Bug #2447163 - CVE-2026-2229 nodejs22: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447163 [ 3 ] Bug #2447170 - CVE-2026-1525 nodejs22: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447170 [ 4 ] Bug #2447175 - CVE-2026-1527 nodejs22: Undici: HTTP header injection and request smuggling vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447175 [ 5 ] Bug #2447181 - CVE-2026-1526 nodejs22: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression [fedora-all] https://bugzi...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3b76d8047d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

important

Lowest

Low

Medium

High

Critical

Name: nodejs22

Product: Fedora 44

Version: 22.22.2

Release: 3.fc44

URL: https://nodejs.org

Summary: JavaScript runtime

Topics Covered

security advisory denial of service fedora update important nodejs22

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 44 Node.js 22.22.2 Important DoS Advisory FEDORA-2026-3b76d8047d

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 44 Node.js 22.22.2 Important DoS Advisory FEDORA-2026-3b76d8047d

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!