MEDIUM
Hackerone
CVE published 2026-03-30
CVE-2026-21712
CVE-2026-21712 is a denial-of-service issue in Node.js URL handling. According to the supplied description, calling url.format() with a malformed internationalized domain name (IDN) containing invalid characters can trigger an assertion failure in native code and crash the Node.js process. The issue was published on 2026-03-30 and later modified on 2026-05-10.