Home / Vulnerability Intelligence / CVE-2026-21717

CVE-2026-21717 - Vulnerability Analysis

MediumCVSS: 5.9

Last Updated: March 30, 2026

Node.js - Denial of Service

Published: March 30, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable

Overview

V8 in Node.js 20.x, 22.x, 24.x, and 25.x contains a performance degradation vulnerability caused by predictable hash collisions in the string hashing mechanism, letting attackers degrade Node.js process performance, exploit requires attacker-controlled input to JSON.parse().

Severity & Score

Severity: Medium

CVSS Score: 5.9

Impact

Attackers can significantly degrade Node.js process performance, causing denial of service.

Mitigation

Update to the latest Node.js version beyond 25.x.

References

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-21717
Severity: Medium
CVSS Score: 5.9
Type: undefined
Status: new

CVSS Metrics

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H