Loading market data...
← Back to CVE feed

CVE-2026-48615

HIGH CVSS 7.5 View on NVD ↗

Description

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

nodejs/node.js
Published: Jun 26, 2026 02:16 UTC Modified: Jun 26, 2026 20:18 UTC