A vulnerability was found in Node.js up to 26.3.0 and classified as critical . This affects an unknown part of the component Unix Domain Socket Handler . The manipulation results in improper access controls. This vulnerability is reported as CVE-2026-48936 . The attack requires a local approach. No exploit exists.