AIKIDO-2026-10030
node is vulnerable to Denial of Service (DoS)
80
High Risk
This Affects:
nodeTL;DR
Affected versions of the package are vulnerable to a crash due to improper handling of malformed HTTP/2 HEADERS frames containing oversized or invalid HPACK data. Such input can trigger an unhandled TLSSocket ECONNRESET error, causing the Node.js process to terminate instead of safely closing the connection, enabling a remote denial-of-service condition, particularly in applications without explicit secure socket error handlers.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
node is vulnerable to Denial of Service (DoS) in versions 25.0.0 - 25.2.0, 23.0.0 - 24.12.0, 21.0.0 - 22.21.1 and 0.0.1 - 20.19.6.
How to fix this
Upgrade the node library to a patch version.
Links
nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-http2-server-crashes-with-unhandled-error-when-receiving-malformed-headers-frame-cve-2025-59465---highnodejs.org/en/blog/vulnerability/december-2025-security-releases
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant