CVE-2026-3449
ADVISORY - githubSummary
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.
EPSS Score: 0.00012 (0.017)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Incorrect Control Flow Scoping
ADVISORY - github
Incorrect Control Flow Scoping
ADVISORY - redhat
Use of Blocking Code in Single-threaded, Non-blocking Context
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-3449
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.8mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-vpq2-c234-7xj6
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
1.9lowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-3449
EXPLOITABILITY SCORE
2.5
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-4fhq-mrwp-fj26
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-4fpm-mhh4-c98j
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-fq7h-x4px-cv49
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-r555-wj8g-84p4
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-wcx4-79w3-37xv
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-wx23-rqhg-hw9w
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-