CVE-2026-22863

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.

Ссылки

https://github.com/denoland/deno/releases/tag/v2.6.0
Release Notes
https://github.com/denoland/deno/security/advisories/GHSA-5379-f5hf-w38v
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

Версия до 2.6.0 (исключая)

EPSS

Процентиль: 1%

0.0001

Низкий

7.5 High

CVSS3

Дефекты

CWE-325

Связанные уязвимости

GHSA-5379-f5hf-w38v

github

23 дня назад

Deno node:crypto doesn't finalize cipher

BDU:2026-00636

CVSS3: 8.6

fstec