ALSA-2026:2422

[ALSA-2026:2422] Important: nodejs:20 security update

Type:

security

Severity:

important

Release date:

2026-02-12

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	nodejs-nodemon-3.0.1-1.module_el8.10.0+3982+85c136aa.noarch.rpm	2a3ac075981f56758aac0aa08cc55d71f2ca6610e6bc965f306dd6b9a8db442a
noarch	nodejs-packaging-2021.06-5.module_el8.10.0+4084+7c0af990.noarch.rpm	8b89ad41d4e66986f706fbb4d183a2d0d819eeaf18d6f1503e41a8affbf4af31
noarch	nodejs-packaging-bundler-2021.06-5.module_el8.10.0+4084+7c0af990.noarch.rpm	8bd79cf5922c24722b1536d007b4ab588d061e645ed37dcbe896dbcdb8cb1b36

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.