FIND-20260329-008 · 2026-03-29 · Innovation Veille

Node.js security releases 2026-03-24 — all active lines updated (v22.22.2 LTS, v25.8.2 current)

release MEDIUM
Node.js released security updates on 2026-03-24 across all active release lines: v25.8.2 (current), v24.14.1, v22.22.2 (LTS Jod), v20.20.2. These releases address January 2026 security fixes including CVE-2026-21636 (permission model bypass via Unix Domain Socket), CVE-2026-21637 (TLS PSK/ALPN callback exceptions bypassing error handlers), and CVE-2025-55132 (fs.futimes() bypassing read-only permission model). ODS tracked v22.22.2 and v25.8.2 — both confirmed up-to-date. No version delta from last-versions.json.

Source

https://nodejs.org/en/blog/vulnerability

ODS Impact

ODS uses Node.js for ods-dashboard (Next.js/Hono) and frontend tooling. Confirm Node.js v22.22.2 LTS is used in Docker base images and CI. The permission model CVEs are relevant only if ODS uses the Node.js --permission flag, which is not in current use.
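One way to run that confirmation, as an added example (not ODS or Node.js project code): it reads the `FROM node:<tag>` lines of a Dockerfile and compares each pinned version with the patched release named in this finding for its line. The function names, status strings and the sample Dockerfile are assumptions made for illustration; `classify` also accepts a bare version string such as the one pinned in CI.

```javascript
// Added example. Patched floor per release line, as listed in the finding above.
const PATCHED = { 20: [20, 20, 2], 22: [22, 22, 2], 24: [24, 14, 1], 25: [25, 8, 2] };

// Constructed sample Dockerfile content (not taken from any ODS repository).
const SAMPLE = [
  'FROM node:22.22.2-alpine AS build',
  'FROM --platform=linux/amd64 node:20.20.1',
  'FROM docker.io/library/node:22-slim',
  'FROM nginx:1.27',
].join('\n');

// Classify one version string, e.g. "22.22.2", "v22.21.0", "22" or "lts".
function classify(version) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$/.exec(version);
  if (!m) return 'unpinned';                 // lts, current, latest, alpine ...
  const floor = PATCHED[Number(m[1])];
  if (!floor) return 'untracked-line';       // release line not named in the finding
  if (m[2] === undefined || m[3] === undefined) return 'unpinned'; // floating "22"
  const got = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (got[i] !== floor[i]) return got[i] > floor[i] ? 'ok' : 'outdated';
  }
  return 'ok';                               // exactly the patched release
}

// Return one { image, status } entry per Node.js base image in the Dockerfile.
function auditDockerfile(text) {
  const from = /^\s*FROM\s+(?:--platform=\S+\s+)?(?:\S+\/)?node(?::([^\s@]+))?(?=[@\s]|$)/i;
  const results = [];
  for (const line of text.split(/\r?\n/)) {
    const m = from.exec(line);
    if (!m) continue;                        // other images and non-FROM lines
    const tag = m[1] || 'latest';
    const version = tag.split('-')[0];       // drop variant suffix (-alpine, -slim)
    results.push({ image: `node:${tag}`, status: classify(version) });
  }
  return results;
}

console.log(auditDockerfile(SAMPLE));
```

A result of `unpinned` means the tag floats, so the version actually pulled depends on when the image was last built and has to be checked in the image itself.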

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

nodejs release security lts javascript