HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-48615 — A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ...

·Source: NIST NVD

Updated:

Executive Summary

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Analysis

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. CVSS Score: 7.5. Published: 2026-06-26T02:16:52.273.

Indicators of Compromise (1)

CVE (1)
CVE-2026-48615
Source Attribution

Originally published by NIST NVD on Jun 26, 2026. Verified by: NIST.

Related Threats