CVE-2026-21715 | Node.js up to 20.20.1/22.22.1/24.14.0/25.8.1 File Existence fs.realpathSync.native information disclosure

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability was found in Node.js up to 20.20.1/22.22.1/24.14.0/25.8.1 and classified as problematic. This vulnerability affects the function fs.realpathSync.native of the component File Existence Handler. Executing a manipulation can lead to information disclosure.

This vulnerability appears as CVE-2026-21715. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-21715 | Node.js up to 20.20.1/22.22.1/24.14.0/25.8.1 File Existence fs.realpathSync.native information disclosure

Post correlati

CVE-2026-1045 | Viet Contact Plugin up to 1.3.2 on WordPress Setting ll1/ll2/ll3/ll4 cross site scripting

CVE-2024-8731 | Cron Jobs Plugin up to 1.2.9 on WordPress cross site scripting

CVE-2021-47554 | Linux Kernel up to 5.15.5 vdpa_sim vdpasim_create null pointer dereference (e4d58ac67e63/bb93ce4b150d)

CVE-2025-53236 | AndonDesign UDesign Core Plugin up to 4.14.0 on WordPress authorization