Product
medium
advisory
Node.js Permission Model Bypass via Unix Domain Sockets (CVE-2026-21711)
2 rules 1 TTP 1 CVECVE-2026-21711 allows code running under the Node.js permission model without network access to create and expose local IPC endpoints via Unix Domain Sockets, bypassing intended network restrictions and enabling inter-process communication.
Node.js 25.x
nodejs
permission model
uds
unix domain socket
ipc
cve-2026-21711
2r
1t
1c
medium
advisory
CVE-2026-21717 Node.js V8 Hash Collision Vulnerability
2 rules 2 TTPs 1 CVECVE-2026-21717 is a vulnerability in V8's string hashing mechanism within Node.js that allows attackers to cause hash collisions via predictable integer-like strings in JSON input, leading to denial-of-service by degrading the performance of the Node.js process.
Node.js 20.x +3
dos
hash-collision
node.js
2r
2t
1c