FIND-20260325-007 · 2026-03-25 · Innovation Veille

Node.js 25.8.2 Current released — same batch as LTS security patches

release MEDIUM
Node.js 25.8.2 (Current) was released on March 24, 2026 as part of the coordinated security release. It patches the same CVEs as other lines plus CVE-2026-21711 (Permission Model bypass: UDS server bind/listen without --allow-net) and CVE-2026-21712 (assertion error in node_url.cc via malformed URL). The 25.x Current line is not used in ODS production but may be used in dev tooling.

Source

https://nodejs.org/en/blog/release/v25.8.2

ODS Impact

ODS production uses 22.x LTS. This finding is informational — if any developer uses Node.js 25.x locally or in CI scripts, they should upgrade to 25.8.2.

Security Review

License: N/A | Maintenance: ACTIVE | Risk: LOW | Recommendation: ADOPT

Tags

nodejs current release security v25
Generated by ODS Innovation Veille · 2026-03-25T07:07:11+00:00