A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
References
| Link | Resource |
|---|---|
| https://nodejs.org/en/blog/vulnerability/june-2026-security-releases | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Jun 2026, 20:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://nodejs.org/en/blog/vulnerability/june-2026-security-releases - Patch, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:* |
|
| First Time |
Nodejs
Nodejs node.js |
26 Jun 2026, 02:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-26 02:16
Updated : 2026-06-26 20:18
NVD link : CVE-2026-48619
Mitre link : CVE-2026-48619
CVE.ORG link : CVE-2026-48619
JSON object : View
Products Affected
nodejs
- node.js
CWE
CWE-400
Uncontrolled Resource Consumption
