AIKIDO-2026-10028

node is vulnerable to Use of Uninitialized Resource

Use of Uninitialized Resource | CVE-2025-55131 | Published Jan 14, 2026

85

High Risk

This Affects:

OS: node
0.0.1 - 20.19.6 (fixed in 20.20.0)
21.0.0 - 22.21.1 (fixed in 22.22.0)
23.0.0 - 24.12.0 (fixed in 24.13.0)
25.0.0 - 25.2.0 (fixed in 25.3.0)

TL;DR

Affected versions of the package may expose uninitialized memory due to a flaw in Node.js buffer allocation when allocations are interrupted while using the vm module with the timeout option. Under specific timing conditions, buffers created via Buffer.alloc or TypedArray instances such as Uint8Array may contain residual data from previous operations, potentially leaking in-process secrets like tokens or passwords or causing data corruption.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

node is vulnerable to Use of Uninitialized Resource in versions 25.0.0 - 25.2.0, 23.0.0 - 24.12.0, 21.0.0 - 22.21.1 and 0.0.1 - 20.19.6.

How to fix this

Upgrade the node library to a patched version (20.20.0, 22.22.0, 24.13.0 or 25.3.0, depending on your release line).
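To check a running runtime or a host inventory against the ranges above, the following added example (not code from the advisory or from the Node.js project) compares versions against the affected ranges and reports the fixed release to move to. The inventory format and host names are constructed for illustration, and pre-release suffixes are ignored as an assumption.

```javascript
// Added example. Affected ranges (inclusive) and fixed versions are copied from this advisory.
const AFFECTED = [
  { from: "0.0.1",  to: "20.19.6", fixed: "20.20.0" },
  { from: "21.0.0", to: "22.21.1", fixed: "22.22.0" },
  { from: "23.0.0", to: "24.12.0", fixed: "24.13.0" },
  { from: "25.0.0", to: "25.2.0",  fixed: "25.3.0" },
];

// Accepts "v22.21.1" or "22.21.1"; anything after major.minor.patch is ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new TypeError(`not a Node.js version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component, so 20.9.0 sorts before 20.19.6.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns whether the version falls in an affected range and which release fixes it.
function checkNodeVersion(version) {
  const v = parseVersion(version);
  for (const r of AFFECTED) {
    if (compare(v, parseVersion(r.from)) >= 0 && compare(v, parseVersion(r.to)) <= 0) {
      return { affected: true, fixedIn: r.fixed };
    }
  }
  return { affected: false, fixedIn: null };
}

// Constructed sample inventory: "<host> <node version>" per line (hypothetical hosts).
const SAMPLE_INVENTORY = ["build-01 v20.19.6", "api-02 v22.22.0", "worker-03 24.12.0", "edge-04 v25.3.0"];

// Returns only the hosts that still need an upgrade, with their target version.
function auditInventory(lines) {
  return lines
    .map((line) => line.trim().split(/\s+/))
    .map(([host, version]) => ({ host, version, ...checkNodeVersion(version) }))
    .filter((row) => row.affected);
}

console.log("this runtime:", process.version, checkNodeVersion(process.version));
console.log("hosts to upgrade:", auditInventory(SAMPLE_INVENTORY));
```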