A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.
This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
{
"cpes": [
"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"
],
"severity": "Medium"
}