CVE-2026-21710

ADVISORY - nist

Summary

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct.

When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push() to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by error event listeners, meaning it cannot be handled without wrapping every req.headersDistinct access in a try/catch.

This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x

EPSS Score⁠: 0.00028 (0.081)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Docker

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

BSA-2026-21710

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
node	generic	-	-	>=24.0.0,<24.14.1	24.14.1
node	generic	-	-	>=22.0.0,<22.22.2	22.22.2

Severity and metrics

No CVSS data available from this advisory.

Docker

CREATED

26 days ago

UPDATED

24 days ago

ADVISORY ID

CVE-2026-21710

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

NIST

CREATED

26 days ago

UPDATED

24 days ago

ADVISORY IDCVE-2026-21710⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

7.5high

Alpine

CREATED

1 month ago

UPDATED

14 hours ago

ADVISORY IDCVE-2026-21710⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

1 month ago

UPDATED

12 days ago

ADVISORY IDCVE-2026-21710⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 month ago

UPDATED

24 days ago

ADVISORY IDCVE-2026-21710⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

18 days ago

UPDATED

10 days ago

ADVISORY IDALSA-2026:7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

17 days ago

UPDATED

10 days ago

ADVISORY IDALSA-2026:7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

13 days ago

UPDATED

10 days ago

ADVISORY IDALSA-2026:7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

13 days ago

UPDATED

10 days ago

ADVISORY IDALSA-2026:7896⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

11 days ago

UPDATED

9 days ago

ADVISORY IDALSA-2026:8339⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY IDALAS2023-2026-1576⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY IDALAS2023-2026-1577⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY IDALAS2023-2026-1578⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

19 days ago

UPDATED

12 days ago

ADVISORY ID

BIT-node-2026-21710

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Bitnami

CREATED

19 days ago

UPDATED

12 days ago

ADVISORY ID

BIT-node-min-2026-21710

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Red Hat

CREATED

26 days ago

UPDATED

25 days ago

ADVISORY IDCVE-2026-21710⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-843⁠

CVSS SCORE

7.5high

Rocky

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY IDRLSA-2026:7080⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY IDRLSA-2026:7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDRLSA-2026:7302⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDRLSA-2026:7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY IDRLSA-2026:7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY IDRLSA-2026:7675⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

12 days ago

UPDATED

11 days ago

ADVISORY IDRLSA-2026:7896⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY IDRLSA-2026:8339⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY IDELSA-2026-7080⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY IDELSA-2026-7123⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-7302⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-7350⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY IDELSA-2026-7670⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY IDELSA-2026-7675⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY IDELSA-2026-7896⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY IDELSA-2026-8339⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

CGA-fmmf-9rjw-6f83

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-32gw-w7gv-h9m9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-492r-pc2g-2wg5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-7q5j-jh2h-5hpm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-97jq-gqf8-599q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-cv89-6xw4-w943

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-pw39-qm2v-8425

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-r7vg-g62m-xr5g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-21710

Summary

Common Weakness Enumeration (CWE)

CWE-770⁠

CWE-843⁠

Advisories

Docker

Docker

NIST

CVSS SCORE

Alpine

Debian

Ubuntu

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Amazon

CVSS SCORE

Amazon

CVSS SCORE

Amazon

CVSS SCORE

Bitnami

CVSS SCORE

Bitnami

CVSS SCORE

Red Hat

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Rocky

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Chainguard

minimos

minimos

minimos

minimos

minimos

minimos

minimos