SUSE-SU-2026:1371-1
Vulnerability from csaf_suse - Published: 2026-04-15 14:46 - Updated: 2026-04-15 14:46Summary
Security update for nodejs20
Severity
Important
Notes
Title of the patch: Security update for nodejs20
Description of the patch: This update for nodejs20 fixes the following issues:
Update to version 20.20.2.
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
Patchnames: SUSE-2026-1371,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs20",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs20 fixes the following issues:\n\nUpdate to version 20.20.2.\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1371,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1371-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1371-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261371-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1371-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045546.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs20",
"tracking": {
"current_release_date": "2026-04-15T14:46:54Z",
"generator": {
"date": "2026-04-15T14:46:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1371-1",
"initial_release_date": "2026-04-15T14:46:54Z",
"revision_history": [
{
"date": "2026-04-15T14:46:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.aarch64",
"product_id": "corepack20-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"product_id": "nodejs20-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64",
"product_id": "npm20-20.20.2-150500.11.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.i586",
"product_id": "corepack20-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.i586",
"product_id": "nodejs20-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.i586",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.i586",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.i586",
"product_id": "npm20-20.20.2-150500.11.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"product": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"product_id": "nodejs20-docs-20.20.2-150500.11.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "corepack20-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "nodejs20-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "npm20-20.20.2-150500.11.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.s390x",
"product_id": "corepack20-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.s390x",
"product_id": "nodejs20-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.s390x",
"product_id": "npm20-20.20.2-150500.11.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.x86_64",
"product_id": "corepack20-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"product_id": "nodejs20-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64",
"product_id": "npm20-20.20.2-150500.11.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…