CVE-2026-21712 in Node.js
Resumen (Inglés)
A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.
Divulgación
2026-03-30
Voces
| ID | Vulnerabilidad | CWE | Base | Temp | 0day | Hoy | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354145 | Node.js URL node_url.cc url.format denegación de servicio | 617 | 5.3 | 5.1 | $0-$5k | $0-$5k | No está definido | 0.00000 | 5.09- | Arreglo oficial | CVE-2026-21712 |