Bug 2493331 (CVE-2026-48933) - CVE-2026-48933 nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()
Summary: CVE-2026-48933 nodejs: Node.js WebCrypto: Denial of Service via large input t...
Keywords:
Status: NEW
Alias: CVE-2026-48933
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2493800 2493801 2493802
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-26 02:02 UTC by OSIDB Bzimport
Modified: 2026-07-06 14:45 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:35841 0 None None None 2026-07-06 04:37:04 UTC
Red Hat Product Errata RHSA-2026:35842 0 None None None 2026-07-06 05:16:37 UTC
Red Hat Product Errata RHSA-2026:35891 0 None None None 2026-07-06 14:23:51 UTC
Red Hat Product Errata RHSA-2026:35892 0 None None None 2026-07-06 14:45:13 UTC

Description OSIDB Bzimport 2026-06-26 02:02:02 UTC
A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Comment 2 errata-xmlrpc 2026-07-06 04:37:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:35841 https://access.redhat.com/errata/RHSA-2026:35841

Comment 3 errata-xmlrpc 2026-07-06 05:16:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:35842 https://access.redhat.com/errata/RHSA-2026:35842

Comment 4 errata-xmlrpc 2026-07-06 14:23:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:35891 https://access.redhat.com/errata/RHSA-2026:35891

Comment 5 errata-xmlrpc 2026-07-06 14:45:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:35892 https://access.redhat.com/errata/RHSA-2026:35892


Note You need to log in before you can comment on or make changes to this bug.