🟠 CVE-2026-48615

CVSS 评分: 7.5(高危) | 状态: Analyzed | 发布时间: 2026-06-26

漏洞描述

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERR_PROXY_TUNNEL error messages.

When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.

This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

漏洞详情

字段
CVE ID CVE-2026-48615
CVSS 评分 7.5(高危)
CVSS 向量 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE CWE-359
发布时间 2026-06-26
最后更新 2026-06-26
状态 Analyzed
数据来源 support@hackerone.com

参考链接

🤖 本文由 CVE 安全快讯机器人自动生成
数据来源: NVD (National Vulnerability Database) | 获取时间: 2026-06-27 06:07