H1-3559715 — Vulnetix

H1-3559715 PUBLISHED CVSS 5.300000190734863 MEDIUM

Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit Intelligence

Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net` (hackerone)
Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net` (hackerone)

Timeline

Mar 30, 2026 CVE Published
Mar 30, 2026 PoC Published

References

Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net` advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›