LOW
TooTallNate
CVE published 2026-03-03
CVE-2026-3449
## Summary CVE-2026-3449 is a **LOW-severity** vulnerability (CVSS 4.0: 1.9) in the npm package `@tootallnate/once` affecting versions prior to 3.0.1. The issue involves **Incorrect Control Flow Scoping (CWE-705)** when using the `AbortSignal` option, causing Promises to remain in a permanently pending state after signal abortion. This can lead to stalled requests, blocked workers, or degraded application [truncated]