Control Web Panel
Other => Other => Topic started by: Starburst on June 26, 2026, 03:48:16 AM
-
I know Node.js isn't part of CWP, but I've seen people posting about it.
9 new CVE's just dropped for those running Node.js that are a wide range from DoS to Bypasses.
Reference: https://sysadmin.help/viewforum.php?f=80 (https://sysadmin.help/viewforum.php?f=80)
-
Very relevant since CWP has the NodeJS Application Manager:
/admin/index.php?module=mod_nodejs
-
Patched versions are out (CWP has them available in the Node.js configuration tab).
From internet: To ensure your runtime is completely insulated from this vulnerability, upgrade to at least the minimum version listed below:Node.js 22 (LTS): v22.23.0 or later (Note: v22.23.1 was released shortly after to address a separate regression)Node.js 24 (LTS): v24.17.0 or laterNode.js 26 (Current): v26.3.1 or later
What is with 2026 and exploits? I'm doing more patching than developing lately!
-
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.
-
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.
Yup.
Also the more DEV's that use AI code, are putting in unknown bugs.