Node.js has released critical security updates addressing a vulnerability that could cause denial-of-service conditions in most production applications, especially those using async_hooks. The fix enhances error handling for stack overflows and impacts multiple frameworks and monitoring tools.
Key points
- Node.js versions from 8.x to 25.x are affected by a stack overflow vulnerability.
- The issue causes Node.js to exit with code 7 instead of handling errors gracefully when using async_hooks.
- Several frameworks and APM tools, including React Server Components and Next.js, are impacted by this vulnerability.
- Updates have been released for LTS versions: 20.20.0, 22.22.0, 24.13.0, and the current version 25.3.0.
- The updates also address other high-severity flaws in Node.js that could lead to data leakage, file reading, or remote DoS attacks.
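As an added example (not from the original article or the Node.js project), the script below classifies Node.js version strings against the affected range and fixed releases listed above. The function names, status labels and sample inventory are assumptions made for illustration.

```javascript
// Fixed release per release line, as listed in the key points on this page.
const FIXED = { 20: [20, 20, 0], 22: [22, 22, 0], 24: [24, 13, 0], 25: [25, 3, 0] };
// Affected range per the page: 8.x to 25.x.
const AFFECTED_MIN = 8;
const AFFECTED_MAX = 25;

// Parse "v22.21.1", "22.21.1" or "24.13.0-rc.1"; returns null when malformed.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(raw).trim());
  if (!m) return null;
  return { triple: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// Numeric comparison of [major, minor, patch]; string comparison would rank 24.2.0 above 24.13.0.
function compareTriples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Status labels are hypothetical names chosen for this example.
function classify(raw) {
  const v = parseVersion(raw);
  if (!v) return "invalid";
  const major = v.triple[0];
  if (major < AFFECTED_MIN || major > AFFECTED_MAX) return "not-covered-by-advisory-summary";
  const fixed = FIXED[major];
  if (!fixed) return "affected-no-fix-listed"; // release line with no update named on this page
  const cmp = compareTriples(v.triple, fixed);
  // A pre-release of the fixed version (e.g. 24.13.0-rc.1) precedes the fixed release itself.
  return cmp > 0 || (cmp === 0 && !v.prerelease) ? "patched" : "needs-update";
}

// Apply classify() to a { host: version } inventory.
function audit(inventory) {
  return Object.fromEntries(Object.entries(inventory).map(([host, ver]) => [host, classify(ver)]));
}

// Constructed sample inventory (hostnames and versions are made up).
const sampleInventory = {
  "api-1": "v22.21.1",
  "api-2": "v22.22.0",
  "worker-1": "v18.20.4",
  "edge-1": "v24.2.0",
};

console.log("this runtime:", process.version, "->", classify(process.version));
console.log(audit(sampleInventory));
```
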
Read More: https://thehackernews.com/2026/01/critical-nodejs-vulnerability-can-cause.html