Node.js Fixes AsyncLocalStorage Crash Bug That Could Take Down Production Servers

On January 13, 2026, Node.js released a security update that fixes a bug where async context tracking caused stack overflows to terminate processes immediately instead of throwing catchable RangeError exceptions. The flaw impacted many production applications and observability tools (including React Server Components, Next.js, Datadog, New Relic, Elastic APM, Dynatrace, and OpenTelemetry) and was patched in Node.js 20.20.0, 22.22.0, 24.13.0, and 25.3.0, though maintainers warned the fix is a mitigation and stack exhaustion remains inherently unreliable to recover from.

Key points

  • When async_hooks/AsyncLocalStorage was enabled, a stack overflow could bypass try/catch and uncaughtException handlers and immediately terminate the Node.js process with exit code 7.
  • The issue affected a broad portion of the ecosystem because AsyncLocalStorage is used by React Server Components, Next.js, and major APM/observability tools such as Datadog, New Relic, Elastic APM, Dynatrace, and OpenTelemetry.
  • Node.js patched the behavior to detect stack overflow errors raised during async_hooks callbacks and rethrow them to user code so a catchable RangeError is returned instead of a fatal process exit.
  • The fix shipped in the January 13, 2026 security releases (20.20.0, 22.22.0, 24.13.0, 25.3.0) but maintainers characterized it as a mitigation rather than a guarantee, citing ECMAScript/V8 variability in stack exhaustion handling.
  • Node.js 24 and newer are not affected because AsyncLocalStorage was reimplemented using V8’s AsyncContextFrame API; older or EOL releases remain impacted unless updated.
  • Maintainers strongly advise developers and hosting providers to validate or limit recursion depth in user-influenced inputs instead of relying on runtime stack-overflow recovery for availability.
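
The recursion-depth advice in the last key point, as an added example (not code from the Node.js project or the source article): a pre-check that measures JSON nesting depth in one iterative pass and rejects over-deep input before JSON.parse or any recursive handler sees it. MAX_DEPTH, the function names and the E_JSON_TOO_DEEP error code are assumptions chosen for illustration.

```javascript
// Hypothetical limit; set it to the deepest payload the application legitimately accepts.
const MAX_DEPTH = 32;

// Returns the maximum nesting depth of objects/arrays in JSON text.
// Single iterative pass with no recursion, so the check itself cannot exhaust the stack.
function jsonNestingDepth(text) {
  let depth = 0;
  let max = 0;
  let inString = false;
  let escaped = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      // Brackets inside string literals do not count; track escapes to find the real end quote.
      if (escaped) escaped = false;
      else if (ch === '\\') escaped = true;
      else if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"') inString = true;
    else if (ch === '{' || ch === '[') {
      depth++;
      if (depth > max) max = depth;
    } else if (ch === '}' || ch === ']') depth--;
  }
  return max;
}

// Rejects over-deep input up front instead of relying on a catchable RangeError later.
function parseBounded(text, maxDepth = MAX_DEPTH) {
  const depth = jsonNestingDepth(text);
  if (depth > maxDepth) {
    const err = new Error(`JSON nesting depth ${depth} exceeds limit ${maxDepth}`);
    err.code = 'E_JSON_TOO_DEEP'; // hypothetical error code
    throw err;
  }
  return JSON.parse(text);
}

// Constructed sample inputs: a normal payload and a pathologically nested one.
const ok = '{"user":{"tags":["a","b"],"note":"brackets in a string: [[[{"}}';
const deep = '['.repeat(100000) + ']'.repeat(100000);

console.log(jsonNestingDepth(ok), jsonNestingDepth(deep)); // 3 100000
```

The check runs on the raw request body, so the rejection happens at a predictable point in the handler regardless of how the runtime version treats stack exhaustion.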

MITRE Techniques

  • [None] No MITRE ATT&CK techniques are mentioned in the source article.

Indicators of Compromise

  • [Software versions] Patched release context – Node.js 20.20.0, 22.22.0, 24.13.0, 25.3.0 (released January 13, 2026 to address the async_hooks stack overflow behavior)
  • [Behavioral indicator] Crash signature context – process terminated with exit code 7 when a stack overflow occurred during async context tracking


Read more: https://socket.dev/blog/node-js-fixes-asynclocalstorage-crash-bug-that-could-take-down-production-servers