Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Linux 43 Nodejs22 Critical Denial of Service Vulnerability 2026-b4f830329b

fedora
Calendar Grey May 8, 2026
Dist Fedora Esm H88
Critical Denial of Service vulnerabilities in Fedora nodejs22 require immediate action. Upgrade to version 22.22.2 now.
Update to version 22.22.2

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

Update to version 22.22.2

Change Log

* Wed Apr 29 2026 tjuhasz - 1:22.22.2-2 - update of nghttp2 * Wed Apr 29 2026 tjuhasz - 1:22.22.2-1 - Update to version 22.22.2 (rhbz#2444849) * Mon Jan 19 2026 Jan Stan\u011bk - 1:22.22.0-3 - Diverge from rawhide

References


[ 1 ] Bug #2447160 - CVE-2026-1528 nodejs22: undici: Denial of Service via crafted WebSocket frame with large length [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447160 [ 2 ] Bug #2447163 - CVE-2026-2229 nodejs22: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447163 [ 3 ] Bug #2447170 - CVE-2026-1525 nodejs22: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447170 [ 4 ] Bug #2447175 - CVE-2026-1527 nodejs22: Undici: HTTP header injection and request smuggling vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447175 [ 5 ] Bug #2447181 - CVE-2026-1526 nodejs22: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression [fedora-all] https://bugzilla.redha...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e3f870229a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nodejs22
Product: Fedora 43
Version: 22.22.2
Release: 2.fc43
Summary: JavaScript runtime

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here