BIT-node-2026-48617

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2026-48617.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-node-2026-48617
Aliases
Published
2026-06-23T14:50:46.123Z
Modified
2026-06-23T15:26:39.103797667Z
Summary
[none]
Details

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport() Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

Database specific 
{
    "severity": "Low",
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / node

Package

Name
node
Purl
pkg:bitnami/node

Severity

  • 1.8 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
22.23.0
Introduced
23.0.0
Fixed
24.17.0
Introduced
25.0.0
Fixed
26.3.1

Database specific

source 
"https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2026-48617.json"