ALSA-2026:7080

[ALSA-2026:7080] Important: nodejs22 security update

Type:

security

Severity:

important

Release date:

2026-04-09

Description:

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.  

Security Fix(es):  

  * brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)
  * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)
  * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
  * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)
  * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)
  * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)
  * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)
  * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
  * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-npm-10.9.7-1.22.22.2.1.el10_1.aarch64.rpm	33df2dcbd748692bce24b2a1563ab7d2038f82e135177f3081fc18d223df5933
aarch64	nodejs-libs-22.22.2-1.el10_1.aarch64.rpm	36bc54a2c9d123e30b9c6633602b8b3d03a01fbc7285fe497fd43830a61982d3
aarch64	nodejs-full-i18n-22.22.2-1.el10_1.aarch64.rpm	61047f78a7761d22e5f3440e8af1b49f303fb6daf3a8c9e5adfad07c51ad5f23
aarch64	nodejs-devel-22.22.2-1.el10_1.aarch64.rpm	919a9f4750014dadb574a6960c5319fc7e5bb16c44b65b8859619694ccf786af
aarch64	nodejs-22.22.2-1.el10_1.aarch64.rpm	edaef184cd012f9e97a01112aa0acba1d9b10a459c4c80ad3af2bc1d780b2cdf
noarch	nodejs-docs-22.22.2-1.el10_1.noarch.rpm	547cb79e3b62135ee07d7ceadfcb33a607f541e4de7eb56922baaee82e7a240d
ppc64le	nodejs-devel-22.22.2-1.el10_1.ppc64le.rpm	1c5c12d20349a2884ae4aa26987812b39c3193fdc7359e3e9eab693393579dbb
ppc64le	nodejs-npm-10.9.7-1.22.22.2.1.el10_1.ppc64le.rpm	516fead9a7276a080eda5a3b85ad2993a9134c1117e4097d1bab2c0cf73a7483
ppc64le	nodejs-libs-22.22.2-1.el10_1.ppc64le.rpm	bc9be4e21cbb51fbd55e096f957882811a9095c786a286007aaff6e15e05213a
ppc64le	nodejs-full-i18n-22.22.2-1.el10_1.ppc64le.rpm	daa19f4c8ede8f4dd55254233c2ff318f3419bf88ef7899cc64109357a108f84
ppc64le	nodejs-22.22.2-1.el10_1.ppc64le.rpm	feeaaa6f186787f7fdd555164487db38324f68001e0c588f7b7b35f035464d34
s390x	nodejs-npm-10.9.7-1.22.22.2.1.el10_1.s390x.rpm	3d2ce0d8768a493d4a8af9af03db3affa88c922cfc02f7a41bdce3896991c074
s390x	nodejs-full-i18n-22.22.2-1.el10_1.s390x.rpm	5c08b96ff563d80b72c09a62189979702a15832f32105bc9b652a9949d13f2df
s390x	nodejs-libs-22.22.2-1.el10_1.s390x.rpm	a1688423c688227f670ffdd279fe342b21a4b99ec0feee0d8ac5bb705a2fe179
s390x	nodejs-devel-22.22.2-1.el10_1.s390x.rpm	c72ad24f3911cd289c0a5ffafc302be1c3f0a6f6695866ba19f687b31da49d8d
s390x	nodejs-22.22.2-1.el10_1.s390x.rpm	ddcb23c828c58457e613e2cb250f358b225adb2cf5f2e90753ad2bb799acc065
x86_64	nodejs-npm-10.9.7-1.22.22.2.1.el10_1.x86_64.rpm	21268801fd4041004e1f3228345e666fe3cb546984f85bc3a98dc64f50cc2b20
x86_64	nodejs-22.22.2-1.el10_1.x86_64.rpm	3554c1a3fb8d13dd62324e83b8edef50df776709a582a30553e5262989af53ff
x86_64	nodejs-libs-22.22.2-1.el10_1.x86_64.rpm	6303355fe3c40944a2eb84309016e12ae3ea6366cf3f045fb641aea8e882da78
x86_64	nodejs-full-i18n-22.22.2-1.el10_1.x86_64.rpm	7cd2933fd123099f247f0960ed9866b982556696502727523f05b3ceac4ff4cb
x86_64	nodejs-devel-22.22.2-1.el10_1.x86_64.rpm	ef1adcf37ed3706b6f65fce2c1b76350e2ebe196be8da308a3b37d9d679b5706
x86_64_v2	nodejs-full-i18n-22.22.2-1.el10_1.x86_64_v2.rpm	1bce56cc2e103caf7bd4b939c14cecf546f87c61b86b597431f5ac1ab15fcd10
x86_64_v2	nodejs-libs-22.22.2-1.el10_1.x86_64_v2.rpm	47a2a25a842cf45979e2ccb4851c7b00fbbde58f3350b9b68ba9df4fe37a3c72
x86_64_v2	nodejs-22.22.2-1.el10_1.x86_64_v2.rpm	4954eb35e744c2bff98f9e289ce024cc1b33f1c6fcf179be04fc9ba2b3474baa
x86_64_v2	nodejs-npm-10.9.7-1.22.22.2.1.el10_1.x86_64_v2.rpm	cd52cdf2dd4cb3505912d4de1151017ab66294566e1d2f0a3db833a176022a46
x86_64_v2	nodejs-devel-22.22.2-1.el10_1.x86_64_v2.rpm	d5e8b1c7cd253c090652a8e520b4551e296eda4097c79df110c6f09c85c70682

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.