{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63932?format=json","vulnerability_id":"VCID-fetp-hvhq-dube","summary":"Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing","aliases":[{"alias":"CVE-2026-21712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/401779?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=aarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401780?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=armhf&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=armhf&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401781?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=armv7&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=armv7&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401782?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=loongarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=loongarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401784?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=riscv64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=riscv64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401785?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=s390x&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=s390x&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401787?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=x86_64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=x86_64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418201?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418202?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=armhf&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=armhf&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418203?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=armv7&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=armv7&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418204?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=loongarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418205?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=ppc64le&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418206?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=riscv64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418207?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=s390x&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=s390x&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418208?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=x86&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=x86&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/418209?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=x86_64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401783?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=ppc64le&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=ppc64le&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/401786?format=json","purl":"pkg:apk/alpine/nodejs@24.14.1-r0?arch=x86&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@24.14.1-r0%3Farch=x86&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/932803?format=json","purl":"pkg:deb/debian/nodejs@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932797?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-x1an-pjq4-nbby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932795?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932799?format=json","purl":"pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932844?format=json","purl":"pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932798?format=json","purl":"pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063054?format=json","purl":"pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081550?format=json","purl":"pkg:deb/debian/nodejs@24.15.0%2Bdfsg%2B~cs24.12.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@24.15.0%252Bdfsg%252B~cs24.12.2-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066717?format=json","purl":"pkg:rpm/redhat/nodejs24@1:24.14.1-2?arch=el10_1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-fetp-hvhq-dube"},{"vulnerability":"VCID-gv39-q6pw-yfh4"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-hzsn-68be-dkej"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-q4u6-6pbw-5bcq"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-vdca-exd1-rfce"},{"vulnerability":"VCID-xert-byqc-xbe2"},{"vulnerability":"VCID-z7ac-jr58-gkfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs24@1:24.14.1-2%3Farch=el10_1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21712","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02676","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02769","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02784","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02781","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02935","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04068","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04054","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04101","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09835","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09872","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09937","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09931","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09951","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453037","reference_id":"2453037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453037"},{"reference_url":"https://hackerone.com/reports/3546390","reference_id":"3546390","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/"}],"url":"https://hackerone.com/reports/3546390"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases","reference_id":"march-2026-security-releases","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7350","reference_id":"RHSA-2026:7350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7670","reference_id":"RHSA-2026:7670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7675","reference_id":"RHSA-2026:7675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7675"}],"weaknesses":[{"cwe_id":168,"name":"Improper Handling of Inconsistent Special Elements","description":"The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words."}],"exploits":[],"severity_range_score":"5.7 - 6.5","exploitability":"0.5","weighted_severity":"5.9","risk_score":3.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fetp-hvhq-dube"}