Home > Vulnerability Database > CVE-2026-22863

Mend.io Vulnerability Database

CVE-2026-22863

Good to know:

Date: January 15, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.

Severity Score

8.6

Related Resources (5)

Url: https://github.com/denoland/deno

Url: https://github.com/denoland/deno/security/advisories/GHSA-5379-f5hf-w38v

Url: https://github.com/denoland/deno/releases/tag/v2.6.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22863

Url: https://www.mend.io/vulnerability-database/CVE-2026-22863

Severity Score

8.6

Weakness Type (CWE)

Missing Cryptographic Step

CWE-325

Top Fix

Upgrade Version

Upgrade to version deno - 2.6.0;https://github.com/denoland/deno.git - v2.6.0

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22863

Good to know:

Date: January 15, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?