CVE-2026-22036 — Vulnetix

CVE-2026-22036 PUBLISHED

EPSS 0.02% · 6.9th percentile

Risk Scores

EPSS Score

0.02%

6.9th percentile

Affected Products

Vendor	Product	Versions
Amazon	nodejs24

Exploit Intelligence

CIRCL seen: CVE-2026-22036 (circl-sighting)
CIRCL seen: CVE-2026-22036 (circl-sighting)
CIRCL seen: CVE-2026-22036 (circl-sighting)
https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 (circl)
https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3 (circl)
http-client.js (github-poc)
http-client.js (github-poc)
cve_2026_22036_client.js (github-poc)
cve_2026_22036_client.js (github-poc)
cve_2026_22036_client.js (github-poc)

…and 31 more exploits

Timeline

Jan 14, 2026 CVE Published
Jan 14, 2026 PoC Published
Jan 15, 2026 EPSS Score
Jan 15, 2026 PoC Published
Jan 18, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 22, 2026 CVE Updated
Jan 24, 2026 EPSS Score
Jan 24, 2026 PoC Published
Jan 27, 2026 EPSS Score
Jan 30, 2026 EPSS Score
Jan 30, 2026 Security Advisory

References

ALAS2023-2026-1404: nodejs24 (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›