The Node.js project has issued a series of security updates addressing multiple vulnerabilities across its active release lines. The update covers versions in the 20.x, 22.x, 24.x, and 25.x branches, and includes fixes for several high, medium, and low severity issues. Among the most notable concerns is CVE-2026-21637, which appears prominently in the release due to its incomplete nature prior to remediation. 

The March 2026 security rollout includes updates to dependencies such as undici (versions 6.24.1 and 7.24.4) for supported release lines. A key issue addressed is tied to CVE-2026-21637, which exposed weaknesses in TLS error handling.  Incomplete Fix for CVE-2026-21637 Leads to Rem...