Node.js cut security releases across all three maintained lines — Current 26.x, active LTS 24.x, and maintenance LTS 22.x — on June 17. The project flags the highest-severity fix as HIGH, and per its usual disclosure rhythm the specific CVEs and component details land with the builds rather than ahead of them. If you run Node in production, this is a same-day upgrade, not a someday one. Worth the reminder the release notes themselves make: end-of-life lines are always affected when a security release goes out, and they don't get a patch. If you're still on an EOL major, the fix for you is moving to a supported line, not waiting for one.