{"vulnerability": "cve-2026-21713", "sightings": [{"uuid": "ac9c8e9f-0eff-49cc-b797-be5402a36208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21713", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3michxdrm5224", "content": "", "creation_timestamp": "2026-03-30T20:13:08.013008Z"}, {"uuid": "374ac557-8bbe-4de9-9e46-af0468a71446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21713", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260325", "content": "", "creation_timestamp": "2026-03-25T03:00:00.000000Z"}, {"uuid": "cce25669-a2f2-4a09-8de6-3ce68dfb1833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21713", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mk675y6xcq2e", "content": "", "creation_timestamp": "2026-04-23T14:15:32.164623Z"}, {"uuid": "a67a892e-f0f3-4dfd-9aa3-e35fe10ec443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21713", "type": "seen", "source": "https://t.me/securixy_kz/1356", "content": "\ud83e\udde8 npm \u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442: \u0410\u043f\u0440\u0435\u043b\u044c 2026 \n\n\u0414\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a. \n\n\u2620\ufe0f Axios - supply chain \u043e\u0442 Sapphire Sleet (UNC1069)\n\n\u0421\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0446\u044b \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430.}\n\u0412\u0435\u0440\u0441\u0438\u0438 1.14.1 \u0438 0.30.4 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c plain-crypto-js, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0447\u0435\u0440\u0435\u0437 postinstall \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 RAT \u043d\u0430 Windows / macOS / Linux.\n\u0426\u0435\u043b\u044c: AWS/Azure-\u043a\u043b\u044e\u0447\u0438, GitHub-\u0442\u043e\u043a\u0435\u043d\u044b, env-\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435.\n\u26a0\ufe0f \u041f\u0430\u043a\u0435\u0442 - 70+ \u043c\u043b\u043d \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0439 \u0432 \u043d\u0435\u0434\u0435\u043b\u044e.\n\ud83d\udee1 \u041e\u0442\u043a\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043d\u0430 1.14.0 / 0.30.3, \u0440\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.\n\ud83d\udd27 npm ci --ignore-scripts \u043a\u0430\u043a \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u043c\u0435\u0440\u0430.\n\ud83d\udd17 Microsoft Security Blog | SANS\n\n\ud83d\udc22 TeamPCP - \u0430\u0442\u0430\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u0442\u0440\u0430\u043d\u0437\u0438\u0442\u0438\u0432\u043d\u044b\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0433\u043b\u0443\u0431\u043e\u043a\u0438\u0445 \u0443\u0440\u043e\u0432\u043d\u044f\u0445 \u0434\u0435\u0440\u0435\u0432\u0430 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\u0416\u0435\u0440\u0442\u0432\u044b: Trivy, KICS, \u0432\u0441\u043f\u043e\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 npm-\u0443\u0442\u0438\u043b\u0438\u0442\u044b.\n\ud83d\udd17 Zscaler ThreatLabz\n\n\ud83d\udcf1 React Native - \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b\n\n\u0417\u0430\u0440\u0430\u0436\u0435\u043d\u044b react-native-international-phone-number \u0438 react-native-country-select.\n\u0410\u0442\u0430\u043a\u0430 \u0432 \u0442\u0440\u0438 \u0432\u043e\u043b\u043d\u044b: \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u2192 \u0441\u0442\u0435\u0439\u0434\u0436\u0435\u0440 \u2192 \u043f\u0435\u0439\u043b\u043e\u0430\u0434.\n\ud83d\udea9 IOC \u0432 package-lock.json: \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 @agnoliaarisian7180/* \u0438\u043b\u0438 @usebioerhold8733/*\n\ud83d\udd17 StepSecurity Report\n\n\ud83d\udd29 Node.js \u043f\u0430\u0442\u0447\u0438 (\u043c\u0430\u0440\u0442-\u0430\u043f\u0440\u0435\u043b\u044c 2026)\n\nCVE-2026-21714 - \u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 HTTP/2, DoS \u0447\u0435\u0440\u0435\u0437 WINDOW_UPDATE\nCVE-2026-21713 - \u0442\u0430\u0439\u043c\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0430 \u043d\u0430 HMAC \u0432 Web Crypto API\n\ud83d\udd17 HeroDevs\n\n\ud83d\udee1 \u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u043f\u0440\u044f\u043c\u043e \u0441\u0435\u0439\u0447\u0430\u0441:\n1. \u041e\u0442\u043a\u0430\u0442\u0438\u0442\u044c Axios \u0441 1.14.1 / 0.30.4\n2. \u0414\u043e\u0431\u0430\u0432\u0438\u0442\u044c -ignore-scripts \u0432 CI/CD\n3. \u0420\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445\n4. \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c package-lock.json \u043d\u0430 IOC\u2019s", "creation_timestamp": "2026-07-12T22:00:06.002234Z"}, {"uuid": "0a612ec3-1b28-4bc8-a3b4-2d00028d3c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21713", "type": "seen", "source": "https://t.me/securixy_kz/1356", "content": "\ud83e\udde8 npm \u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442: \u0410\u043f\u0440\u0435\u043b\u044c 2026 \n\n\u0414\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a. \n\n\u2620\ufe0f Axios - supply chain \u043e\u0442 Sapphire Sleet (UNC1069)\n\n\u0421\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0446\u044b \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430.}\n\u0412\u0435\u0440\u0441\u0438\u0438 1.14.1 \u0438 0.30.4 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c plain-crypto-js, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0447\u0435\u0440\u0435\u0437 postinstall \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 RAT \u043d\u0430 Windows / macOS / Linux.\n\u0426\u0435\u043b\u044c: AWS/Azure-\u043a\u043b\u044e\u0447\u0438, GitHub-\u0442\u043e\u043a\u0435\u043d\u044b, env-\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435.\n\u26a0\ufe0f \u041f\u0430\u043a\u0435\u0442 - 70+ \u043c\u043b\u043d \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0439 \u0432 \u043d\u0435\u0434\u0435\u043b\u044e.\n\ud83d\udee1 \u041e\u0442\u043a\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043d\u0430 1.14.0 / 0.30.3, \u0440\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.\n\ud83d\udd27 npm ci --ignore-scripts \u043a\u0430\u043a \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u043c\u0435\u0440\u0430.\n\ud83d\udd17 Microsoft Security Blog | SANS\n\n\ud83d\udc22 TeamPCP - \u0430\u0442\u0430\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u0442\u0440\u0430\u043d\u0437\u0438\u0442\u0438\u0432\u043d\u044b\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0433\u043b\u0443\u0431\u043e\u043a\u0438\u0445 \u0443\u0440\u043e\u0432\u043d\u044f\u0445 \u0434\u0435\u0440\u0435\u0432\u0430 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\u0416\u0435\u0440\u0442\u0432\u044b: Trivy, KICS, \u0432\u0441\u043f\u043e\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 npm-\u0443\u0442\u0438\u043b\u0438\u0442\u044b.\n\ud83d\udd17 Zscaler ThreatLabz\n\n\ud83d\udcf1 React Native - \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b\n\n\u0417\u0430\u0440\u0430\u0436\u0435\u043d\u044b react-native-international-phone-number \u0438 react-native-country-select.\n\u0410\u0442\u0430\u043a\u0430 \u0432 \u0442\u0440\u0438 \u0432\u043e\u043b\u043d\u044b: \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u2192 \u0441\u0442\u0435\u0439\u0434\u0436\u0435\u0440 \u2192 \u043f\u0435\u0439\u043b\u043e\u0430\u0434.\n\ud83d\udea9 IOC \u0432 package-lock.json: \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 @agnoliaarisian7180/* \u0438\u043b\u0438 @usebioerhold8733/*\n\ud83d\udd17 StepSecurity Report\n\n\ud83d\udd29 Node.js \u043f\u0430\u0442\u0447\u0438 (\u043c\u0430\u0440\u0442-\u0430\u043f\u0440\u0435\u043b\u044c 2026)\n\nCVE-2026-21714 - \u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 HTTP/2, DoS \u0447\u0435\u0440\u0435\u0437 WINDOW_UPDATE\nCVE-2026-21713 - \u0442\u0430\u0439\u043c\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0430 \u043d\u0430 HMAC \u0432 Web Crypto API\n\ud83d\udd17 HeroDevs\n\n\ud83d\udee1 \u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u043f\u0440\u044f\u043c\u043e \u0441\u0435\u0439\u0447\u0430\u0441:\n1. \u041e\u0442\u043a\u0430\u0442\u0438\u0442\u044c Axios \u0441 1.14.1 / 0.30.4\n2. \u0414\u043e\u0431\u0430\u0432\u0438\u0442\u044c -ignore-scripts \u0432 CI/CD\n3. \u0420\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445\n4. \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c package-lock.json \u043d\u0430 IOC\u2019s", "creation_timestamp": "2026-07-13T00:00:16.512821Z"}]}