HashDos in Node.js

HashDos in Node.js

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2026-008	CVE-2026-21717	03/24/2026	low	v1

Vulnerability details

An attacker can use a specially crafted request to degrade the performance of the Node process

Impacted products

Products	Severity	Detail
Stormshield Management Center	low	SMC is impacted

Revisions

Version	Date	Description
v1		Initial release

Stormshield Management Center

CVSS v3.1 Overall Score: 3.4

Analysis	Impacted version
A flaw in Node.js V8’s string hashing mechanism can degrade performance of SMC when handling specially crafted requests.	SMC < 3.9.1

Workaround solution	Solution
There is no workaround solution.	The SMC 3.9.1 update will fix this vulnerability.

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Adjacent Network	Low	Low	None	Unchanged	None	None	High

CVSS Base score: 5.7	CVSS Vector: (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 5	CVSS Vector: (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
Low	Low	Low

CVSS Environmental score: 3.4	CVSS Vector: (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data