{ "schema_version": "1.7.0", "id": "RHSA-2026:7675", "related": [], "upstream": [ "CVE-2026-1525", "CVE-2026-1526", "CVE-2026-1527", "CVE-2026-1528", "CVE-2026-2229", "CVE-2026-2581", "CVE-2026-21637", "CVE-2026-21710", "CVE-2026-21711", "CVE-2026-21712", "CVE-2026-21713", "CVE-2026-21714", "CVE-2026-21715", "CVE-2026-21716", "CVE-2026-21717", "CVE-2026-25547", "CVE-2026-26996", "CVE-2026-27135" ], "published": "2026-04-13T10:07:23Z", "modified": "2026-04-15T10:10:17Z", "summary": "Red Hat Security Advisory: nodejs24 security update", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "name": "nodejs24", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-debuginfo", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-debuginfo" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-debugsource", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-debugsource" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-devel", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-devel" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-docs", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-docs" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-full-i18n", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-full-i18n" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-libs", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-libs" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-libs-debuginfo", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:24.14.1-2.el10_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "nodejs24-npm", "ecosystem": "Red Hat:enterprise_linux:10.1", "purl": "pkg:rpm/redhat/nodejs24-npm" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:11.11.0-1.24.14.1.2.el10_1" } ], "type": "ECOSYSTEM" } ] } ], "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2026:7675" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162" }, { "type": "ADVISORY", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7675.json" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-1525" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525" }, { "type": "ARTICLE", "url": "https://cna.openjsf.org/security-advisories.html" }, { "type": "ARTICLE", "url": "https://cwe.mitre.org/data/definitions/444.html" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3556037" }, { "type": "ARTICLE", "url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-1526" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526" }, { "type": "ARTICLE", "url": "https://datatracker.ietf.org/doc/html/rfc7692" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3481206" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-1527" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3487198" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-1528" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1528" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3537648" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-2229" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3487486" }, { "type": "ARTICLE", "url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-2581" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-2581" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581" }, { "type": "ARTICLE", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3513473" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21637" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637" }, { "type": "ARTICLE", "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21710" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710" }, { "type": "ARTICLE", "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21711" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21711" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21712" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21712" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3546390" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21713" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21714" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21715" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21716" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-21717" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-25547" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-26996" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-27135" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27135" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135" }, { "type": "ARTICLE", "url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1" }, { "type": "ARTICLE", "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6" } ] }