Multiple vulnerabilities have been discovered in Node.js, affecting specific versions with particular OpenSSL configurations. The affected systems include Node.js v20.x with OpenSSL 3.0.15, and versions v22.x, v24.x, and v25.x with OpenSSL 3.5.4. The risk associated with these vulnerabilities is not explicitly specified by the publisher, though the publisher notes a low attack surface. Remediation involves applying future OpenSSL updates, as detailed in the provided security bulletin. Affected users are advised to consult the official security documentation for patches. The advisory references CVE identifiers CVE-2025-11187, CVE-2025-69421, and CVE-2026-22795. Further details are available in the Node.js security bulletin from January 28, 2026.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0103/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.