๐Ÿ” CVE Alert

CVE-2026-48933

HIGH 7.5
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CWE CWE-190
Vendor nodejs
Product node
Ecosystems
Industries
Technology
Published Jun 26, 2026
Stay Ahead of the Next One

Get instant alerts for nodejs node

Be the first to know when new high vulnerabilities affecting nodejs node are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions

nodejs / node
22.22.3 โ‰ค 22.22.3 24.16.0 โ‰ค 24.16.0 26.3.0 โ‰ค 26.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
nodejs.org: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases