Explore top 10 tips to secure your open-source projects now. Read More
×
Description:
lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615)
permission: handle process.chdir on writereport. (CVE-2026-48617)
tls: normalize hostname for server identity checks. (CVE-2026-48618)
http2: cap originSet size to prevent unbounded memory growth.
(CVE-2026-48619)
tls: fix case-sensitive SNI context matching. (CVE-2026-48928)
dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930)
http: fix response queue poisoning in http.Agent. (CVE-2026-48931)
crypto: guard WebCrypto cipher output length. (CVE-2026-48933)
tls: bind reusable sessions to authenticated host. (CVE-2026-48934)
permission: disable FileHandle utimes with permission model.
(CVE-2026-48935)
deps: fix integration issues with the latest nghttp2. (CVE-2026-48937)
- https://bugs.mageia.org/show_bug.cgi?id=35724
- https://nodejs.org/en/blog/release/v22.23.0
- https://nodejs.org/en/blog/vulnerability/june-2026-security-releases
- https://www.cve.org/CVERecord?id=CVE-2026-48615
- https://www.cve.org/CVERecord?id=CVE-2026-48617
- https://www.cve.org/CVERecord?id=CVE-2026-48618
- https://www.cve.org/CVERecord?id=CVE-2026-48619
- https://www.cve.org/CVERecord?id=CVE-2026-48928
- https://www.cve.org/CVERecord?id=CVE-2026-48930
- https://www.cve.org/CVERecord?id=CVE-2026-48931
- https://www.cve.org/CVERecord?id=CVE-2026-48933
- https://www.cve.org/CVERecord?id=CVE-2026-48934
- https://www.cve.org/CVERecord?id=CVE-2026-48935
- https://www.cve.org/CVERecord?id=CVE-2026-48937
- 10/core/nodejs-22.23.1-2.mga10
- 9/core/nodejs-22.23.1-2.mga9
Publication date:18 Jul 2026
Get the latest Linux and open source security news straight to your inbox.