Author Topic: 9 CVE's just dropped for those running Node.js  (Read 112 times)

0 Members and 1 Guest are viewing this topic.

Offline
*****
9 CVE's just dropped for those running Node.js
« on: June 26, 2026, 03:48:16 AM »
I know Node.js isn't part of CWP, but I've seen people posting about it.

9 new CVE's just dropped for those running Node.js that are a wide range from DoS to Bypasses.

Reference: https://sysadmin.help/viewforum.php?f=80

Offline
*****
Re: 9 CVE's just dropped for those running Node.js
« Reply #1 on: June 26, 2026, 11:57:23 AM »
Very relevant since CWP has the NodeJS Application Manager:
/admin/index.php?module=mod_nodejs

Offline
**
Re: 9 CVE's just dropped for those running Node.js
« Reply #2 on: June 26, 2026, 02:29:29 PM »
Patched versions are out (CWP has them available in the Node.js configuration tab).

From internet: To ensure your runtime is completely insulated from this vulnerability, upgrade to at least the minimum version listed below:Node.js 22 (LTS): v22.23.0 or later (Note: v22.23.1 was released shortly after to address a separate regression)Node.js 24 (LTS): v24.17.0 or laterNode.js 26 (Current): v26.3.1 or later

What is with 2026 and exploits? I'm doing more patching than developing lately!
Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*****
Re: 9 CVE's just dropped for those running Node.js
« Reply #3 on: June 26, 2026, 02:39:40 PM »
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.

Offline
*****
Re: 9 CVE's just dropped for those running Node.js
« Reply #4 on: June 26, 2026, 10:48:47 PM »
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.

Yup.

Also the more DEV's that use AI code, are putting in unknown bugs.