PT-2026-50702 · Node.Js · Node
Published
2026-06-18
·
Updated
2026-06-18
·
CVE-2026-48617
CVSS v3.1
1.8
Low
| Vector | AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N |
A flaw in Node.js Permission Model enforcement allows Bypass via
process.report.writeReport() Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Node