## This update for nodejs24 fixes the following issues

Update to 24.17.0:

* CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption (bsc#1268480).
* CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery (bsc#1268479).
* CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec` value can lead to DoS (bsc#1266318).
* CVE-2026-9678: undici: Undici: Information disclosure due to improper cache-control header parsing (bsc#1268478).
* CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).
* CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to

* bsc#1259853
* bsc#1262274
* bsc#1266318
* bsc#1268097
* bsc#1268477
* bsc#1268478
* bsc#1268479
* bsc#1268480
* bsc#1268481
* bsc#1268482
* bsc#1268554
* bsc#1268555
* bsc#1268592
* bsc#1268593
* bsc#1268598
* bsc#1268605
* bsc#1268606
* bsc#1268608
* bsc#1268609
* bsc#1268611
* bsc#1268618
Cross-
* CVE-2026-11525
* CVE-2026-12151
* CVE-2026-2581
* CVE-2026-27135
* CVE-2026-40170
* CVE-2026-42338
* CVE-2026-48615
* CVE-2026-48617
* CVE-2026-48618
* CVE-2026-48619
* CVE-2026-48928
* CVE-2026-48930
* CVE-2026-48931
* CVE-2026-48933
* CVE-2026-48934
* CVE-2026-48935
* CVE-2026-48937
* CVE-2026-6733
* CVE-2026-9496
* CVE-2026-9678
* CVE-2026-9679
CVSS scores:
* CVE-2026-11525 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N