Medium severity5.7NVD Advisory· Published Mar 30, 2026· Updated May 10, 2026
CVE-2026-21712
CVE-2026-21712
Description
A flaw in Node.js URL processing causes an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25- osv-coords24 versionspkg:bitnami/nodepkg:bitnami/node-minpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs24pkg:rpm/almalinux/nodejs24-develpkg:rpm/almalinux/nodejs24-docspkg:rpm/almalinux/nodejs24-full-i18npkg:rpm/almalinux/nodejs24-libspkg:rpm/almalinux/nodejs24-npmpkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/nodejs-packaging-bundlerpkg:rpm/almalinux/npmpkg:rpm/almalinux/v8-13.6-develpkg:rpm/opensuse/nodejs24&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/nodejs24&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs26&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7pkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
>= 24.0.0, < 24.14.1+ 23 more
- (no CPE)range: >= 24.0.0, < 24.14.1
- (no CPE)range: >= 24.0.0, < 24.14.1
- (no CPE)range: < 1:24.14.1-2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 1:24.14.1-2.el10_1
- (no CPE)range: < 1:24.14.1-2.el10_1
- (no CPE)range: < 1:24.14.1-2.el10_1
- (no CPE)range: < 1:24.14.1-2.el10_1
- (no CPE)range: < 1:24.14.1-2.el10_1
- (no CPE)range: < 1:11.11.0-1.24.14.1.2.el10_1
- (no CPE)range: < 1:24.14.1-2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 1:24.14.1-2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 1:24.14.1-2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 1:24.14.1-2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 3.0.3-3.module_el9.7.0+209+ecf6523e
- (no CPE)range: < 2021.06-6.module_el9.7.0+209+ecf6523e
- (no CPE)range: < 2021.06-6.module_el9.7.0+198+8bf605ba
- (no CPE)range: < 1:11.11.0-1.24.14.1.2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 3:13.6.233.17-1.24.14.1.2.module_el9.7.0+222+ef1c61e1
- (no CPE)range: < 24.14.1-160000.1.1
- (no CPE)range: < 24.14.1-1.1
- (no CPE)range: < 26.3.1-1.1
- (no CPE)range: < 24.14.1-150700.15.8.1
- (no CPE)range: < 24.14.1-160000.1.1
- (no CPE)range: < 24.14.1-160000.1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.