vulnerability

SUSE: CVE-2026-22036: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	Jan 27, 2026	Jan 27, 2026	Feb 13, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

Jan 27, 2026

Added

Jan 27, 2026

Modified

Feb 13, 2026

Description

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.

Solutions

suse-upgrade-corepack20suse-upgrade-corepack22suse-upgrade-nodejs20suse-upgrade-nodejs20-develsuse-upgrade-nodejs20-docssuse-upgrade-nodejs22suse-upgrade-nodejs22-develsuse-upgrade-nodejs22-docssuse-upgrade-npm20suse-upgrade-npm22

References

CVE-2026-22036
https://attackerkb.com/topics/CVE-2026-22036
CWE-770
SUSE-SUSE-SU-2026:0295-1
SUSE-SUSE-SU-2026:0301-1
SUSE-SUSE-SU-2026:0435-1
SUSE-SUSE-SU-2026:0457-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today