Control Web Panel

Other => Other => Topic started by: Starburst on June 26, 2026, 03:48:16 AM

Title: 9 CVE's just dropped for those running Node.js
Post by: Starburst on June 26, 2026, 03:48:16 AM
I know Node.js isn't part of CWP, but I've seen people posting about it.

9 new CVE's just dropped for those running Node.js that are a wide range from DoS to Bypasses.

Reference: https://sysadmin.help/viewforum.php?f=80 (https://sysadmin.help/viewforum.php?f=80)
Title: Re: 9 CVE's just dropped for those running Node.js
Post by: overseer on June 26, 2026, 11:57:23 AM
Very relevant since CWP has the NodeJS Application Manager:
/admin/index.php?module=mod_nodejs
Title: Re: 9 CVE's just dropped for those running Node.js
Post by: 6Sense on June 26, 2026, 02:29:29 PM
Patched versions are out (CWP has them available in the Node.js configuration tab).

From internet: To ensure your runtime is completely insulated from this vulnerability, upgrade to at least the minimum version listed below:Node.js 22 (LTS): v22.23.0 or later (Note: v22.23.1 was released shortly after to address a separate regression)Node.js 24 (LTS): v24.17.0 or laterNode.js 26 (Current): v26.3.1 or later

What is with 2026 and exploits? I'm doing more patching than developing lately!
Title: Re: 9 CVE's just dropped for those running Node.js
Post by: overseer on June 26, 2026, 02:39:40 PM
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.
Title: Re: 9 CVE's just dropped for those running Node.js
Post by: Starburst on June 26, 2026, 10:48:47 PM
Welcome to the brave new world of AI-excavated exploits! Devs are getting bombarded by valid & invalid bug reports and CVE discoveries, thanks to helpful AI tools digging into source code.

Yup.

Also the more DEV's that use AI code, are putting in unknown bugs.