CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission. This vulnerability affects one supported release line: **Node.js 26**.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 4.5%

CVSS Severity

CVSS v3 Score 3.3

References

https://nodejs.org/en/blog/vulnerability/june-2026-security-releases

Products affected by CVE-2026-48936

Nodejs » Node.js » Version: 26.3.0

cpe:2.3:a:nodejs:node.js:26.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-48936

Products

Pricing

Contact Us