+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-03-26 (/Thread-HackerOne-Disclosed-Reports-2026-03-26)
HackerOne disclosed reports - 2026-03-26 - hashXploiter - 03-27-2026
Medium
resolved
resolved
Assertion error in node_url.cc via malformed URL format leads to Node.js crash
Bug reported by Rafael Gonzaga was disclosed at March 26, 2026, 3:41 pm | Reachable Assertion
An assertion error in node_url.cc via malformed URL format leads to a Node.js crash. A flaw in the URL processing caused an assertion failure in the native code when url.format() was called with a malformed internationalized domain name containing invalid characters, crashing the Node.js process. This vulnerability affected Node.js versions 24.x and 25.x.