CVE-2026-21713

Name	CVE-2026-21713
Description	A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values. Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision. This vulnerability affects 20.x, 22.x, 24.x, and 25.x.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-6183-1, DSA-6272-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nodejs (PTS)	bullseye	12.22.12~dfsg-1~deb11u4	fixed
	bullseye (security)	12.22.12~dfsg-1~deb11u8	fixed
	bookworm	18.20.4+dfsg-1~deb12u1	vulnerable
	bookworm (security)	18.20.4+dfsg-1~deb12u2	fixed
	trixie (security), trixie	20.19.2+dfsg-1+deb13u2	fixed
	forky, sid	24.15.0+dfsg+~cs24.12.2-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
nodejs	source	bullseye	(not affected)
nodejs	source	bookworm	18.20.4+dfsg-1~deb12u2	DSA-6272-1
nodejs	source	trixie	20.19.2+dfsg-1+deb13u2	DSA-6183-1
nodejs	source	(unstable)	22.22.2+dfsg+~cs22.19.15-1

Notes

[bullseye] - nodejs <not-affected> (vulnerable code introduced later)
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac-verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium
Fixed by: https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94faf (v20.20.2)