CVE-2026-48933

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 26, 2026

Vendor unknown

Description

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

References

https://nodejs.org/en/blog/vulnerability/june-2026-security-releases