ALSA-2026:2782

[ALSA-2026:2782] Important: nodejs:22 security update

Type:

security

Severity:

important

Release date:

2026-02-23

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	00fab632ae8b301d82d292629c1fceaa20ed5001ee6e7e4ca4375e26947c8577
aarch64	nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	411ab25054c9219c713c3fc957e04a850667cdda44a9d6dbfc85c148227c8a85
aarch64	nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	47c521cb8f4c53833491f5396d1c57e851d551398da52dd83f1426ca301a6769
aarch64	nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	4b2312a4ab8a6f3fc82951a4050e4cb7922b2ab6c56150f26837cfef35b37b02
aarch64	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	5100ddfcce17666ba4b1caf39e3906659a37631033905ec82d85f69dc7fb0d8b
aarch64	nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm	7c4cfd31466da6be7e03c3d760c937cefe9a35c4a7bd00120b300f07858f31db
noarch	nodejs-packaging-2021.06-5.module_el9.7.0+208+fb06c0ab.noarch.rpm	0528eee629fa506b56c3cec5fd577ee9ade9ee3263827b8f394f53d54bbe1672
noarch	nodejs-packaging-bundler-2021.06-5.module_el9.7.0+196+ac40ca3b.noarch.rpm	7ebb5361e6442c86bcc948ea9b435aecc4c8bfd34de4f5d6529133fdaa23235b
noarch	nodejs-nodemon-3.0.1-1.module_el9.6.0+172+f0ba00ec.noarch.rpm	8921c764fbe46df7cc2acc0214748ae816c81911a1ef010e4954d2f9f3f1f581
noarch	nodejs-docs-22.22.0-1.module_el9.7.0+208+fb06c0ab.noarch.rpm	8f3de5a8307d83d62844ec5660a43d92dbb1352be6470f6ca457e5ae5f80e28c
ppc64le	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	21f9ec269609c36a17e6e2dd142fbd36dbbbccc6f408640b027966f90f933210
ppc64le	nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	63d2f232ca70294b504a30eda9b0fa2f5524e526e15e2128c42aeb29cfdfa000
ppc64le	nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	a744561a5f5b780a1bb80261a49f39018b76fdf64ac0f316ec9ea01983107556
ppc64le	nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	b75a31ac7260a399b39d50e7845fdacb2853b19cf385407e764fffef3836a6ca
ppc64le	npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	dc9bd2c54734fdcdc4286df320d873fe09cb5573eb4d45e8127a60241e030312
ppc64le	nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm	ea61da3421fda0a53677bb78695b098cd815fe96849af894f3f6964d608fe8c6
s390x	nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm	326d7d6b92e4acdd71920b42eb3dd7cf1c8e4b5271d5f73c467b32c65a3b5a86
s390x	nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm	46d54159011f929e3162a30f49c6d1fac056d9377cad5878a20287f16aa7a4bb
s390x	nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm	6171cca946d484320427a869df0619083415c735cee4f448bb14ab00271ae7be
s390x	nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm	636d353a3d084ef4071303bbe8046e5bb62386dc377c79f5b416bb76c8ccdc60
s390x	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.s390x.rpm	aed4afa0d3d936a12ae411fcde3e6cdb59a5e696dbfb2fc78c62bee8bfe8f2e2
s390x	npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.s390x.rpm	ea74a47058e87ab78b701b6d8f82d9ac13a99f93541229e0e50fcbd6e88e6666
x86_64	v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	0b86ee80b9dcdfb5090365261a0552fc298b8b6e0f23d1d64f7cf57a6e303b09
x86_64	nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	5f459874472cf54c4bd6200d3acd90da753482f86c2a7ea40a11c2a3bcc431ff
x86_64	nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	8afee73df576789ea58130e7cadd5705bf93d929a7a3ce135d6ad62bbd65a762
x86_64	nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	cfc3f590893ea457570baf9bb2811c605388a7703a55f7a5d047ebfc469bbef1
x86_64	npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	d0532c23d57f390a0e685f09b612d702d4427d7af2bce2f6d2f6280147dcb3cd
x86_64	nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm	fb101e89d5ba26fbdb1ad98ddc144e99b344e9a314d2ecc437203ead69992c0a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.