A flaw in Node.js HTTP/2 client allows a server to send...
Moderate severity
Unreviewed
Published
Jun 26, 2026
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Jun 26, 2026
Published to the GitHub Advisory Database
Jun 26, 2026
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.
This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
References