cve 2026 21637
About this tag
CVE-2026-21637 is a Node.js denial-of-service vulnerability involving TLS error-handling weaknesses in pskCallback and ALPNCallback. A remote client can crash a server or exhaust resources by exploiting this flaw. Microsoft flagged the issue through its Security Update Guide, linking it to HackerOne-sourced reporting. The vulnerability affects production environments where these TLS callbacks are used, making it a practical risk despite lacking flashy remote code execution claims. This tag covers discussions on the CVE, its impact, and available fixes.
When Microsoft quietly flags a CVE through its Security Update Guide, the shorthand can hide a lot of practical risk. In the case of CVE-2026-21637, the key issue is not a flashy remote code execution claim but something more mundane and, in many production environments, just as disruptive: a...