TLS Vulnerability in Deno Affects Data Security
CVE-2026-44726

7.4HIGH

Key Information:

Vendor: Denoland
Status: Deno
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-44726?

A security flaw in Deno's TLS compatibility layer could allow application data to be transmitted in plaintext under certain conditions. Versions 2.0.0 to 2.7.8 are affected. When 'autoSelectFamily' was enabled, if the initial connection attempt using IPv6 failed, the system would attempt to fallback to a TCP connection without upgrading to TLS. Consequently, this flawed process could expose sensitive data during transmission, as an attacker could leverage the situation to intercept or modify the supposedly secure traffic. The vulnerability is addressed in version 2.7.8 of Deno.

Affected Version(s)

deno >= 2.0.0, < 2.7.8

References

https://github.com/denoland/deno/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44726 Data

JSON

Denoland

What is CVE-2026-44726?

Affected Version(s)

References

CVSS V3.1

Timeline