CVE-2026-21637 — Vulnetix

CVE-2026-21637 PUBLISHED

EPSS 0.06% · 17.8th percentile

Risk Scores

EPSS Score

0.06%

17.8th percentile

Affected Products

Vendor	Product	Versions
Amazon	nodejs20
Amazon	nodejs22
Amazon	nodejs24

Exploit Intelligence

Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions (hackerone)
Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions (hackerone)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)
open-flaw/CVE-2026-21717 (github-poc)

…and 744 more exploits

Timeline

CVE Published
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 4, 2026 EPSS Score
Feb 6, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 12, 2026 EPSS Score
Feb 12, 2026 PoC Published
Feb 15, 2026 EPSS Score

References

ALAS2023-2026-1402: nodejs20 (important) advisory
ALAS2023-2026-1403: nodejs22 (important) advisory
ALAS2023-2026-1404: nodejs24 (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›