FIND-20260325-004 · 2026-03-25 · Innovation Veille

Node.js 22.22.2 LTS released — security update for 22.x line

release HIGH
Node.js 22.22.2 'Jod' (LTS) was released on March 24, 2026 as a security-only update. It patches all CVEs from the March 24 batch affecting the 22.x line: CVE-2026-21637 (TLS SNI DoS), CVE-2026-21710 (__proto__ header DoS), CVE-2026-21713 (HMAC timing side-channel), CVE-2026-21714 (HTTP/2 memory leak), CVE-2026-21717 (HashDoS in V8), CVE-2026-21715 (Permission Model bypass), and CVE-2026-21716 (FileHandle chmod patch bypass).

Source

https://nodejs.org/en/blog/release/v22.22.2

ODS Impact

The ODS platform uses Node.js 22.x (LTS). The previous version, 22.22.1, is vulnerable to 7 CVEs. Upgrade to 22.22.2 in all Node.js containers: the ODS Dashboard and any Node.js tooling in CI/CD pipelines.
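
An added example (not part of the original finding or of the Node.js project): a check that classifies Node.js version strings or image tags against the patched 22.22.2 release, so unpatched 22.x containers can be listed before and after the upgrade. The inventory entries, the `ci-*` names and the status labels are assumptions made for illustration.

```javascript
// First fixed release on the 22.x line, taken from the finding above.
const PATCHED = [22, 22, 2];

// Accepts "v22.22.1", "22.22.1" or an image tag such as "22.22.1-alpine".
// Floating tags ("22-alpine", "lts") return null: they cannot be verified
// from the tag alone and need pinning or an in-container `node --version`.
function parseNodeVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(raw).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Status labels are hypothetical names chosen for this example.
function classify(raw) {
  const v = parseNodeVersion(raw);
  if (!v) return 'unparseable';
  if (v[0] !== PATCHED[0]) return 'other-line'; // outside the scope of this finding
  for (let i = 1; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] > PATCHED[i] ? 'patched' : 'vulnerable';
  }
  return 'patched';
}

// Returns every inventory entry that still needs attention.
function audit(inventory) {
  return inventory
    .map(({ name, version }) => ({ name, version, status: classify(version) }))
    .filter((entry) => entry.status !== 'patched');
}

// Constructed inventory: names and versions are sample data, not real ODS state.
const SAMPLE = [
  { name: 'ods-dashboard', version: '22.22.1' },
  { name: 'ci-lint', version: 'v22.22.2' },
  { name: 'ci-build', version: '22-alpine' },
  { name: 'ci-docs', version: '22.21.0-slim' },
];

for (const entry of audit(SAMPLE)) {
  console.log(`${entry.name}: ${entry.version} -> ${entry.status}`);
}
console.log(`this runtime (${process.version}): ${classify(process.version)}`);
```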

Security Review

License: N/A | Maintenance: ACTIVE | Risk: LOW | Recommendation: ADOPT

Tags

nodejs lts release security v22