Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE Nodejs20 Important Issues Update 2026-1371-1 CVE-2026-21637

suse
Calendar Grey April 15, 2026
Scroller Suse
This update for SUSE nodejs20 addresses seven important issues to enhance security and performance. Install recommended patches.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for nodejs20 fixes the following issues: Update to version 20.20.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).

References

* bsc#1256576

* bsc#1260455

* bsc#1260462

* bsc#1260463

* bsc#1260480

* bsc#1260482

* bsc#1260494

Cross-

* CVE-2026-21637

* CVE-2026-21710

* CVE-2026-21713

* CVE-2026-21714

* CVE-2026-21715

* CVE-2026-21716

* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-21710 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.