๐Ÿ” CVE Alert

CVE-2026-48619

MEDIUM 5.3
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CWE CWE-400
Vendor nodejs
Product node
Ecosystems
Industries
Technology
Published Jun 26, 2026
Stay Ahead of the Next One

Get instant alerts for nodejs node

Be the first to know when new medium vulnerabilities affecting nodejs node are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Versions

nodejs / node
22.22.3 โ‰ค 22.22.3 24.16.0 โ‰ค 24.16.0 26.3.0 โ‰ค 26.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
nodejs.org: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases