ALSA-2026:2421

[ALSA-2026:2421] Important: nodejs:22 security update

Type:

security

Severity:

important

Release date:

2026-02-13

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-22.22.0-1.module_el8.10.0+4112+db1af44b.aarch64.rpm	19e844033a817e7914beed2ad84654dcf4cac1307f1c1faedfd660ecedc7dc97
aarch64	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el8.10.0+4112+db1af44b.aarch64.rpm	51dde0e47d8074d38961c7c36ddcd90b4210dec2b4e94dedfd66820f340b2866
aarch64	nodejs-22.22.0-1.module_el8.10.0+4112+db1af44b.aarch64.rpm	5537ba89f58ace8847a5640aa0d29d48e1898e7294b4e437d2c2ba7a791a603f
aarch64	nodejs-libs-22.22.0-1.module_el8.10.0+4112+db1af44b.aarch64.rpm	9a32d7e4525bdfaf0f8c724812efed358fcda2bf82e67a8bd9ef2d8861f1723b
aarch64	npm-10.9.4-1.22.22.0.1.module_el8.10.0+4112+db1af44b.aarch64.rpm	b05a99379db39c2c51830f5b5c824134388ec25475228c66196bd556166f777b
aarch64	nodejs-full-i18n-22.22.0-1.module_el8.10.0+4112+db1af44b.aarch64.rpm	eab956127a5cb1bab656245e54a22a439b85b9782dc7bc1d03bb86db181a43c7
noarch	nodejs-nodemon-3.0.1-1.module_el8.10.0+4006+3c416519.noarch.rpm	1b6e11aaa8d9bdb9162feb0d449e70ce58986cd57aeed33595bc13516352a9e6
noarch	nodejs-packaging-bundler-2021.06-5.module_el8.10.0+4085+6f807d30.noarch.rpm	44fc7050dda327626d4c812ac0f2a255569e9771f6b63f485507940c2b8c2f5f
noarch	nodejs-docs-22.22.0-1.module_el8.10.0+4112+db1af44b.noarch.rpm	95640166e715d55c3141ba355100fc81425a98e17da9548b782b0a4a1d46afef
noarch	nodejs-packaging-2021.06-5.module_el8.10.0+4085+6f807d30.noarch.rpm	ac23c47b101a1951f2b6653e6e582eb293925dd3f3b4d00c2d22e27547f3d94e
ppc64le	nodejs-22.22.0-1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	134d820039053755127ea4f9c9cdc39418235aeb44cde0ef4559346ad156793d
ppc64le	nodejs-libs-22.22.0-1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	505baac6e70e84cb5cd1e00008dc7209a660766e1e2acf85a06d8361d996fee3
ppc64le	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	76b1682ad531546ac9cdc43754e791e1b4822551dcace2a55ecd546f44d66bf6
ppc64le	nodejs-full-i18n-22.22.0-1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	7f3bfbeb5b87939ed315462fd0d70b2cc97c12534cedf22ec9b71437cfae5163
ppc64le	npm-10.9.4-1.22.22.0.1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	c14d809f6cd7b643ed37582abe175afa02fb32f86f5c38b90b52e046620c6c2d
ppc64le	nodejs-devel-22.22.0-1.module_el8.10.0+4112+db1af44b.ppc64le.rpm	d92109722114e84daafb28a4f8df24ec14757d99cd98c37c0b60fb3e783ca206
s390x	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el8.10.0+4112+db1af44b.s390x.rpm	01bc52d7683ec844a7b97280ee8b5ad907e269274f3401677a7d0908596a2ea5
s390x	npm-10.9.4-1.22.22.0.1.module_el8.10.0+4112+db1af44b.s390x.rpm	0788172a8b29a83be94eb1561e97afb6ba0ba3c72d814ca33902a84690612560
s390x	nodejs-full-i18n-22.22.0-1.module_el8.10.0+4112+db1af44b.s390x.rpm	304f31de5cea415e78c73cba7e90f6b301501cee5d36d4d4cb501b41a4b1fc3d
s390x	nodejs-22.22.0-1.module_el8.10.0+4112+db1af44b.s390x.rpm	33adf2fe043f6d90af8dd9fb80c825dbb17dc854006928990b2ad02df09bb84e
s390x	nodejs-libs-22.22.0-1.module_el8.10.0+4112+db1af44b.s390x.rpm	838c94704a82397fc075f989ab03380ff941f8e8eae119b6e16d252a22f4824f
s390x	nodejs-devel-22.22.0-1.module_el8.10.0+4112+db1af44b.s390x.rpm	8fd7edabcbe95f715ba4a5ef2132c7806f03a336794fcf90c3977f41e8ebcb42
x86_64	nodejs-full-i18n-22.22.0-1.module_el8.10.0+4112+db1af44b.x86_64.rpm	2caad6aafd6cd908745d56aeddb1228074f9f82e9b603b59caaa631721aab95d
x86_64	nodejs-22.22.0-1.module_el8.10.0+4112+db1af44b.x86_64.rpm	78567d3848e91d06c204bf4ccc727ceb81ab5c1b0b6148e9c22e44944a17068c
x86_64	nodejs-libs-22.22.0-1.module_el8.10.0+4112+db1af44b.x86_64.rpm	8c84519eb64240b5e21d0e2563b1e5e7d45632d7c435c7dbf519e2a9978559a8
x86_64	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el8.10.0+4112+db1af44b.x86_64.rpm	8fb5a4a3e5cb66ef765b8f057df9701d01fdfe51f119ad19a1c396ddd7a24356
x86_64	npm-10.9.4-1.22.22.0.1.module_el8.10.0+4112+db1af44b.x86_64.rpm	a80608b01f2c7c019b99e524c1cf85aeec5c09c221a536a62682f7d701fffea8
x86_64	nodejs-devel-22.22.0-1.module_el8.10.0+4112+db1af44b.x86_64.rpm	ceb249d302a91fc8c1b17ee674928073ede1cbe8e8ac8c003b7faf3fe375bfd1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.