Node.js security update for CVE-2025-59466 and related flaws

Security Patch Release
Happening score
H score 20
1 unique sources, 1 articles

Summary

Node.js released security updates for a critical async_hooks stack-overflow bug that could trigger DoS in production apps. The fix ships in Node.js 20.20.0, 22.22.0, 24.13.0, and 25.3.0, while the older 8.x to 18.x branches are end-of-life (EoL) and remain unpatched. The Node.js security bundle covers CVE-2025-59466 and three other high-severity flaws.

Related Happenings

F5 security patch release for CVE-2026-42945

Security Patch Release
First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...

Latest development: 17.05.2026 14:57

VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open Source, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.

GitHub CVE-2026-3854 security patch release

Security Patch Release
First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: **GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...

Google security patch release for CVE-2026-5858

Security Patch Release
First: 10.04.2026 13:44 Last: 10.04.2026 13:44 Sources 1

About this happening: **Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...

Ubuntu snapd CVE-2026-3888 patch release

Security Patch Release
First: 18.03.2026 10:08 Last: 18.03.2026 10:08 Sources 1

About this happening: Ubuntu shipped fixed **snapd** builds for **CVE-2026-3888**, closing a **local-to-root privilege-escalation** path on **Ubuntu Desktop 24.04 and later**. The release covers **Ubun...

Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)

Security Patch Release
First: 13.03.2026 08:56 Last: 13.03.2026 08:56 Sources 1

About this happening: **Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...

Latest development: 13.03.2026 11:17

Google discovers and reports CVE-2026-3909, an out-of-bounds write vulnerability in the Skia 2D graphics library, and CVE-2026-3910, an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine, on March 10, 2026; both issues are reachable via crafted HTML pages.

Timeline

  1. 14.01.2026 09:05 2 articles · 4mo ago

    Node.js releases fixes for CVE-2025-59466

    Mitigation Patch Update

    Node.js released security updates for a critical async_hooks stack overflow issue that could make Node.js exit with code 7 instead of throwing a catchable error, creating a denial-of-service risk for production applications that rely on AsyncLocalStorage and async_hooks. The fixes were shipped in Node.js 20.20.0 (LTS), Node.js 22.22.0 (LTS), Node.js 24.13.0 (LTS), and Node.js 25.3.0 (Current), with the flaw tracked as CVE-2025-59466 (CVSS score: 7.5).
