A flaw in Node.js proxy tunnel error handling could...
Moderate severity
Unreviewed
Published
Jun 26, 2026
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Jun 26, 2026
Published to the GitHub Advisory Database
Jun 26, 2026
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in
ERR_PROXY_TUNNELerror messages.When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.
This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
References