CVE-2026-48931

CVE-2026-48931CVE-2026-48931

Description

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Scoring

CVSS 3.7 ()
VectorCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Last modified2026-06-23
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.