What is CVE-2026-21711?

CVE-2026-21711 is a medium-severity vulnerability in Nodejs Node. CVSS score: 5.3/10. Published 2026-03-30.

How severe is CVE-2026-21711?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Nodejs Node

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under…

EPSS: 0.000 (0.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Nodejs Node — versions 25.8.1, 4.0, 5.0

References

nodejs.org/en/blog/vulnerability/march-2026-security-releases

Frequently asked questions

What is CVE-2026-21711?: CVE-2026-21711 is a medium-severity vulnerability in Nodejs Node. CVSS score: 5.3/10. Published 2026-03-30.
How severe is CVE-2026-21711?: Medium severity. CVSS v3 base score is 5.3 out of 10.