HackerOne Disclosed Reports - 2026-03-26


Medium
resolved

Assertion error in node_url.cc via malformed URL format leads to Node.js crash


Bug reported by Rafael Gonzaga was disclosed on March 26, 2026, 3:41 pm   |   Reachable Assertion

An assertion error in node_url.cc via malformed URL format leads to a Node.js crash. A flaw in the URL processing caused an assertion failure in the native code when url.format() was called with a malformed internationalized domain name containing invalid characters, crashing the Node.js process. This vulnerability affected Node.js versions 24.x and 25.x.
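A native assertion failure aborts the whole process and cannot be caught with `try`/`catch`, so untrusted hostnames have to be rejected before they reach `url.format()`. The following is an added example, not code from the report or from Node.js: the names `isSafeHostname` and `guardFormat` are hypothetical, and the ASCII-only label allowlist is an assumed stopgap policy for services still on an affected release, not the upstream fix.

```javascript
'use strict';

// One DNS label under the letters-digits-hyphen rule: 1-63 characters,
// no leading or trailing hyphen. Punycode ("xn--...") labels pass as ASCII.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

// Returns true only for plain ASCII hostnames. Raw Unicode names, spaces,
// percent signs, control characters and empty labels are all refused.
function isSafeHostname(hostname) {
  if (typeof hostname !== 'string') return false;
  // Allow a single trailing dot (fully qualified form).
  const name = hostname.endsWith('.') ? hostname.slice(0, -1) : hostname;
  if (name.length === 0 || name.length > 253) return false;
  return name.split('.').every((label) => LABEL.test(label));
}

// Wraps a formatter so that it is never invoked with a hostname outside the
// allowlist. The rejection is an ordinary, catchable TypeError raised in
// JavaScript, before any native URL code runs.
function guardFormat(formatFn) {
  return function guardedFormat(parts) {
    const hostname = parts && parts.hostname;
    if (!isSafeHostname(hostname)) {
      throw new TypeError('hostname rejected before formatting');
    }
    return formatFn(parts);
  };
}

// Typical wiring (assumption: the caller builds URLs from separate parts):
//   const safeFormat = guardFormat(require('node:url').format);
//   safeFormat({ protocol: 'https', hostname: userHost, pathname: '/cb' });
```

Internationalized names are accepted only in their punycode form, which is stricter than the URL standard and may need loosening once a fixed Node.js release is deployed.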




