CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 15.9%

CVSS Severity

CVSS v3 Score 4.2

References

https://nodejs.org/en/blog/vulnerability/june-2026-security-releases

Products affected by CVE-2026-48928

Nodejs » Node.js » Version: 22.22.3

cpe:2.3:a:nodejs:node.js:22.22.3
Nodejs » Node.js » Version: 24.16.0

cpe:2.3:a:nodejs:node.js:24.16.0
Nodejs » Node.js » Version: 26.3.0

cpe:2.3:a:nodejs:node.js:26.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-48928

Products

Pricing

Contact Us