VIR Vulnerability Intelligence Relay

CVE-2026-27904

high
Published 2026-04-09 · Modified 2026-04-15
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
8.0

Description

Important: nodejs:22 security update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2026-7123.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2447145

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2447144

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2447143

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2447142

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2436942

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2026:7123

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2026-7896.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2026-8339.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2453151

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2448754

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442922

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2441268

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2026:8339

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-27904

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-27904.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:7302

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:7896

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:7302

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:7123

OS impact
OSVersionStatusFixed in
rockylinux rocky8fixed
redhat rhel9fixed
rockylinux rocky9fixed
suse slesaffected
debian debianbookwormaffected
debian debianbullseyeaffected
debian debianforkyfixed9.0.7-1
debian debiansidfixed9.0.7-1
debian debiantrixieaffected

Package impact
EcosystemPackageVulnerableFixed
npm npmminimatch>=10.0.0,<10.2.310.2.3
npm npmminimatch>=9.0.0,<9.0.79.0.7
npm npmminimatch>=8.0.0,<8.0.68.0.6
npm npmminimatch>=7.0.0,<7.4.87.4.8
npm npmminimatch>=6.0.0,<6.2.26.2.2
npm npmminimatch>=5.0.0,<5.1.85.1.8
npm npmminimatch>=4.0.0,<4.2.54.2.5
npm npmminimatch<3.1.43.1.4

References

Verify integrity in audit chain (admin only). AS-IS.