Description
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.

Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.

This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Published: 2026-03-30
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Timing Oracle
Action: Apply Patch
AI Analysis

Impact

A flaw in Node.js HMAC verification performs a non‑constant‑time comparison when validating user-supplied signatures, leaking timing information proportional to the number of matching bytes. This timing side channel can be used as a timing oracle to infer the correct HMAC value byte by byte. The weakness corresponds to a classic timing attack, identified as CWE‑208.

Affected Systems

Node.js releases 20.x, 22.x, 24.x, and 25.x are affected. Deployments that run any of these major versions and perform HMAC verification on externally supplied data are potentially vulnerable until remedied.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KeV catalog. Exploitation requires an attacker to be able to make high‑resolution timing measurements against an endpoint that accepts signed data; this is inferred from the description and would typically require remote network access or a controlled environment where timing can be accurately captured. While the probability of successful exploitation is considered low, a successful attack could reveal protected data by reconstructing HMAC values.

Generated by OpenCVE AI on April 2, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Node.js to the latest release from the March 2026 security update series, which replaces the faulty comparison with a true constant‑time implementation.
  • Verify that the upgraded Node.js binary is actively in use and redeploy affected applications that previously relied on older Node.js versions.
  • If a patch cannot be applied immediately, temporarily disable or bypass any functionality that performs HMAC verification, or isolate the service to a network boundary that limits precise timing access.
  • Regularly monitor Node.js security advisories and incorporate version checks into deployment pipelines to prevent regression to vulnerable releases.

Generated by OpenCVE AI on April 2, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6183-1 nodejs security update
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-203

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Timing Side‑Channel in Node.js HMAC Verification Node.js: Node.js: Information disclosure via timing oracle in HMAC verification
First Time appeared Nodejs
Nodejs nodejs
Weaknesses CWE-208
Vendors & Products Nodejs
Nodejs nodejs
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title Timing Side‑Channel in Node.js HMAC Verification
Weaknesses CWE-203

Mon, 30 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values. Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
References
Metrics cvssV3_0

{'score': 5.9, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Nodejs Nodejs
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-30T19:45:22.905Z

Reserved: 2026-01-04T15:00:06.574Z

Link: CVE-2026-21713

cve-icon Vulnrichment

Updated: 2026-03-30T19:45:19.620Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-30T20:16:19.397

Modified: 2026-04-01T14:24:21.833

Link: CVE-2026-21713

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-30T19:07:28Z

Links: CVE-2026-21713 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:38:08Z

Weaknesses