CVE-2026-22863

Exploit

EPSS 0.2%
Veröffentlicht 15.01.2026 22:53:15
Zuletzt bearbeitet 21.01.2026 14:35:52
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deno ≫ Deno Version < 2.6.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	9.2	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-325 Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

https://github.com/denoland/deno/security/advisories/GHSA-5379-f5hf-w38v

Vendor Advisory

Exploit

https://github.com/denoland/deno/releases/tag/v2.6.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-22863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22863

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22863