
SUSE 15 SP7 Nodejs24 Major Security Flaws SUSE-SU-2026-1300-1

April 13, 2026
An important update for nodejs24 in SUSE addresses nine issues, including denial of service vulnerabilities.
An update that solves nine vulnerabilities can now be installed.

Summary

This update for nodejs24 fixes the following issues:

* Update to 24.14.1

* CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576).

* CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).

* CVE-2026-21712: malformed URL format can lead to a crash (bsc#1260460).

* CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).

* CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).

* CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).

* CVE-2026-21716: promise-based FileHandle methods can be used to modify file

References

* bsc#1256572

* bsc#1256576

* bsc#1260455

* bsc#1260460

* bsc#1260462

* bsc#1260463

* bsc#1260480

* bsc#1260482

* bsc#1260494

Cross-

* CVE-2025-59464

* CVE-2026-21637

* CVE-2026-21710

* CVE-2026-21712

* CVE-2026-21713

* CVE-2026-21714

* CVE-2026-21715

* CVE-2026-21716

* CVE-2026-21717

CVSS scores:

* CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-59464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-59464 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
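
The SUSE and NVD v3.x entries for CVE-2025-59464 above carry different scores because their vectors differ in the A metric (and, for the 3.0 entry, UI). The following added example, which is not part of the SUSE advisory, recomputes those three base scores from the listed vectors using the published CVSS v3.0/v3.1 formulas. It goes beyond the advisory's vectors by also handling changed scope, and it does not cover the CVSS:4.0 vectors.

```javascript
// Added example, not from the advisory: CVSS v3.x base score, with weights and
// formulas taken from the FIRST CVSS v3.0/v3.1 specifications.
const W = {
  AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2 },
  AC: { L: 0.77, H: 0.44 },
  UI: { N: 0.85, R: 0.62 },
  CIA: { H: 0.56, L: 0.22, N: 0 },
  PR: { U: { N: 0.85, L: 0.62, H: 0.27 }, C: { N: 0.85, L: 0.68, H: 0.5 } },
};

// Look up a metric weight, rejecting missing or unknown values.
function pick(table, key, name) {
  if (!Object.hasOwn(table, String(key))) throw new Error(`bad ${name}: ${key}`);
  return table[key];
}

// v3.1 "Roundup": smallest one-decimal number >= x, computed on integers.
// Used here for 3.0 vectors as well (the 3.0 spec rounds up with a plain ceiling).
function roundUp(x) {
  const i = Math.round(x * 100000);
  return i % 10000 === 0 ? i / 100000 : (Math.floor(i / 10000) + 1) / 10;
}

function baseScore(vector) {
  const [prefix, ...parts] = vector.trim().split("/");
  if (!/^CVSS:3\.[01]$/.test(prefix)) throw new Error(`not CVSS 3.x: ${prefix}`);
  const m = Object.fromEntries(parts.map((p) => p.split(":")));
  const cia = (k) => pick(W.CIA, m[k], k);
  const iss = 1 - (1 - cia("C")) * (1 - cia("I")) * (1 - cia("A"));
  const pr = pick(pick(W.PR, m.S, "S"), m.PR, "PR");
  const expl = 8.22 * pick(W.AV, m.AV, "AV") * pick(W.AC, m.AC, "AC") * pr * pick(W.UI, m.UI, "UI");
  let impact = 6.42 * iss; // scope unchanged
  if (m.S === "C") {
    impact = prefix === "CVSS:3.1"
      ? 7.52 * (iss - 0.029) - 3.25 * (iss * 0.9731 - 0.02) ** 13
      : 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15;
  }
  if (impact <= 0) return 0;
  return roundUp(Math.min((m.S === "C" ? 1.08 : 1) * (impact + expl), 10));
}

// The three CVE-2025-59464 v3.x vectors as listed in this advisory.
const ADVISORY_VECTORS = {
  "SUSE 3.1": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  "NVD 3.1": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "NVD 3.0": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
};
for (const [src, v] of Object.entries(ADVISORY_VECTORS)) {
  console.log(src, baseScore(v));
}
```

With identical exploitability metrics, moving availability impact from A:L to A:H accounts for the whole gap between the SUSE and NVD 3.1 scores.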

Severity: important

Announcement ID: SUSE-SU-2026:1299-1
Release Date: 2026-04-13T15:54:46Z
Rating: important
