CVE-2026-22863
HIGH 7.5Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.
Affected Applications in Environment
5
Deno
v2.3.1
9 devices
Deno
v1.28.2
8 devices
Deno
v1.46.3
9 devices
Deno
v1.41.0
2 devices
Deno
v1.37.2
1 device
Affected Devices
29
ATWOOD-PD-BSMTH
Windows
BUGLAB-188420
Windows
CAPS-1CR0NH3
Windows
DESKTOP-D7VPBP1
Windows
DESKTOP-JI1MGL6
Windows
DPADVS-3N9RCB4
Windows
DPADVS-A8191ZBY
Windows
DPADVS-L2273Y4T
Windows
DPAPSB-9BPL3Q3
Windows
DPDNNR-MZ0288MB
Windows
DPDNNR-PF4YDCYX
Windows
DPDNNR-PW0E0LYA
Windows
DPDNNR-YLT0LHMW
Windows
DPFCHD-CNZ6T34
Windows
DPINTC-N0120809
Windows
DPMATH-MZ01HEM3
Windows
DPMATH-MZ0290D7
Windows
GISTL22509
Windows
GISTL225A05
Windows
GISTL225A31
Windows
LGN-ENGR-106
Windows
LGN-MAIN-229A
Windows
LUTZLAB-MXL9112
Windows
RVSSCI2210-01
Windows
STUBER-GRAD-755
Windows
USU-44825594057
Windows
USULOAN345
Windows
USULOAN379
Windows
USULOAN501
Windows