Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-48933
PUBLISHED
More InfoOfficial Page
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
View Known Exploited Vulnerability (KEV) details
Published At-26 Jun, 2026 | 01:14
Updated At-30 Jun, 2026 | 12:09
Rejected At-
▼CVE Numbering Authority (CNA)

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Affected Products
Vendor
Node.js (OpenJS Foundation)nodejs
Product
node
Default Status
unaffected
Versions
Affected
  • From 22.22.3 through 22.22.3 (semver)
  • From 24.16.0 through 24.16.0 (semver)
  • From 26.3.0 through 26.3.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases
N/A
Hyperlink: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-770Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

RHSA-2026:9455: Red Hat Hardened Images

RHSA-2026:28727: Red Hat Hardened Images

RHSA-2026:29012: Red Hat Hardened Images

RHSA-2026:7378: Red Hat Hardened Images

RHSA-2026:30172: Red Hat Hardened Images

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-26 02:01:39
Made public.2026-06-26 01:14:36
Event: Reported to Red Hat.
Date: 2026-06-26 02:01:39
Event: Made public.
Date: 2026-06-26 01:14:36
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-48933
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2493331
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48933.json
x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:9455
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:28727
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29012
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7378
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30172
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-48933
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2493331
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48933.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:9455
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:28727
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29012
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:7378
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30172
Resource:
vendor-advisory
x_refsource_REDHAT
Details not found