Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

SUSE Nodejs22 Important Vulnerabilites DoS Security Advisory 2026-2695-1

suse
Calendar Grey June 30, 2026
Dist Suse Esm H88
SUSE released a critical update for nodejs22 addressing 19 vulnerabilities with important severity ratings.
An update that solves 19 vulnerabilities can now be installed.

Summary

## This update for nodejs22 fixes the following issues: * CVE-2026-48618: tls: normalize hostname for server identity checks (bsc#1268593). * CVE-2026-48933: crypto: guard WebCrypto cipher output length (bsc#1268592). * CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors (bsc#1268598). * CVE-2026-48619: http2: cap originSet size to prevent unbounded memory growth (bsc#1268618). * CVE-2026-48928: tls: fix case-sensitive SNI context matching (bsc#1268605). * CVE-2026-48930: dns,net: reject hostnames with embedded NUL bytes (bsc#1268606). * CVE-2026-48934: tls: bind reusable sessions to authenticated host (bsc#1268608). * CVE-2026-48617: permission: handle process.chdir on writereport (bsc#1268554). * CVE-2026-48931: http: fix response queue poisoning in http.Agent

References

* bsc#1259853

* bsc#1262274

* bsc#1266318

* bsc#1268097

* bsc#1268477

* bsc#1268479

* bsc#1268481

* bsc#1268482

* bsc#1268554

* bsc#1268555

* bsc#1268592

* bsc#1268593

* bsc#1268598

* bsc#1268605

* bsc#1268606

* bsc#1268608

* bsc#1268609

* bsc#1268611

* bsc#1268618

Cross-

* CVE-2026-11525

* CVE-2026-12151

* CVE-2026-27135

* CVE-2026-40170

* CVE-2026-42338

* CVE-2026-48615

* CVE-2026-48617

* CVE-2026-48618

* CVE-2026-48619

* CVE-2026-48928

* CVE-2026-48930

* CVE-2026-48931

* CVE-2026-48933

* CVE-2026-48934

* CVE-2026-48935

* CVE-2026-48937

* CVE-2026-6733

* CVE-2026-9496

* CVE-2026-9679

CVSS scores:

* CVE-2026-11525 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-11525 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2695-1
Release Date: 2026-06-30T09:06:45Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here