Comparing changes

base repository: nodejs/node
base: v25.8.1
...
head repository: nodejs/node
compare: v25.8.2
  • 15 commits
  • 388 files changed
  • 8 contributors

Commits on Mar 11, 2026

  1. Working on v25.8.2

    PR-URL: #62184
    aduh95 committed Mar 11, 2026
    ca2d6ea

Commits on Mar 20, 2026

  1. permission: add permission check to realpath.native

    Signed-off-by: RafaelGSS <[email protected]>
    PR-URL: nodejs-private/node-private#794
    Refs: https://hackerone.com/reports/3480841
    Reviewed-By: Anna Henningsen <[email protected]>
    Reviewed-By: Marco Ippolito <[email protected]>
    Reviewed-By: Juan José Arboleda <[email protected]>
    Reviewed-By: Matteo Collina <[email protected]>
    CVE-ID: CVE-2026-21715
    RafaelGSS committed Mar 20, 2026
    9a7f80f
  2. 04a886c
  3. 45b55dc
  4. tls: wrap SNICallback invocation in try/catch

    Wrap the owner._SNICallback() invocation in loadSNI() with try/catch
    to route exceptions through owner.destroy() instead of letting them
    become uncaught exceptions. This completes the fix from CVE-2026-21637
    which added try/catch protection to callALPNCallback,
    onPskServerCallback, and onPskClientCallback but missed loadSNI().
    
    Without this fix, a remote unauthenticated attacker can crash any
    Node.js TLS server whose SNICallback may throw on unexpected input
    by sending a single TLS ClientHello with a crafted server_name value.
    
    Fixes: https://hackerone.com/reports/3556769
    Refs: https://hackerone.com/reports/3473882
    CVE-ID: CVE-2026-21637
    
    PR-URL: nodejs-private/node-private#819
    Reviewed-By: Robert Nagy <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    CVE-ID: CVE-2026-21637
    mcollina authored and RafaelGSS committed Mar 20, 2026
    4bfda30
  5. 5197a56
  6. http: use null prototype for headersDistinct/trailersDistinct

    Use { __proto__: null } instead of {} when initializing the
    headersDistinct and trailersDistinct destination objects.
    
    A plain {} inherits from Object.prototype, so when a __proto__
    header is received, dest["__proto__"] resolves to Object.prototype
    (truthy), causing _addHeaderLineDistinct to call .push() on it,
    which throws an uncaught TypeError and crashes the process.
    
    Ref: https://hackerone.com/reports/3560402
    PR-URL: nodejs-private/node-private#821
    Refs: https://hackerone.com/reports/3560402
    Reviewed-By: Marco Ippolito <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    CVE-ID: CVE-2026-21710
    mcollina authored and RafaelGSS committed Mar 20, 2026
    86c0478
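
The crash described in commit 86c0478 above, reproduced on a simplified model next to the null-prototype fix. This is an added example, not Node.js source: `addHeaderLineDistinct`, `collectDistinct`, `tryCollect` and the sample headers are hypothetical stand-ins.

```javascript
// Simplified model of the header-collection logic described in the commit
// message. addHeaderLineDistinct and collectDistinct are hypothetical names,
// not Node.js internals.
function addHeaderLineDistinct(dest, field, value) {
  const key = field.toLowerCase();
  if (!dest[key]) {
    dest[key] = [value];
  } else {
    // With a plain {} dest and key "__proto__", dest[key] is Object.prototype,
    // which is truthy and has no push(): this line throws a TypeError.
    dest[key].push(value);
  }
}

function collectDistinct(dest, rawHeaders) {
  for (let i = 0; i < rawHeaders.length; i += 2) {
    addHeaderLineDistinct(dest, rawHeaders[i], rawHeaders[i + 1]);
  }
  return dest;
}

// Constructed sample input in rawHeaders layout: [name, value, name, value, ...]
const sampleRawHeaders = [
  'Host', 'example.test',
  'Accept', 'text/html',
  '__proto__', 'x',
  'Accept', 'application/json',
];

// Run the collection and report the outcome instead of letting it throw.
function tryCollect(dest) {
  try {
    return { ok: true, headers: collectDistinct(dest, sampleRawHeaders) };
  } catch (err) {
    return { ok: false, error: err };
  }
}

const withPlainObject = tryCollect({});                    // before the fix
const withNullPrototype = tryCollect({ __proto__: null }); // after the fix

console.log('plain {}:', withPlainObject.ok, withPlainObject.error?.message);
console.log('null prototype:', withNullPrototype.ok,
            Object.keys(withNullPrototype.headers));
```

With the null-prototype destination, `__proto__` is stored as an ordinary own key, so the header is kept rather than dropped or resolved through the prototype chain.
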
  7. crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC

    Use `CRYPTO_memcmp` instead of `memcmp` in `HMAC` and `KMAC`
    Web Cryptography algorithm implementations.
    
    Ref: https://hackerone.com/reports/3533945
    PR-URL: nodejs-private/node-private#822
    Refs: https://hackerone.com/reports/3533945
    Reviewed-By: Anna Henningsen <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Сковорода Никита Андреевич <[email protected]>
    CVE-ID: CVE-2026-21713
    panva authored and RafaelGSS committed Mar 20, 2026
    0f9332a
  8. d9c9b62
  9. build,test: test array index hash collision

    This enables v8_enable_seeded_array_index_hash and adds a test for it.
    
    Fixes: https://hackerone.com/reports/3511792
    
    deps: V8: backport 0a8b1cdcc8b2
    
    Original commit message:
    
        implement rapidhash secret generation
    
        Bug: 409717082
        Change-Id: I471f33d66de32002f744aeba534c1d34f71e27d2
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6733490
        Reviewed-by: Leszek Swirski <[email protected]>
        Commit-Queue: snek <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#101499}
    
    Refs: v8/v8@0a8b1cd
    Co-authored-by: Joyee Cheung <[email protected]>
    
    deps: V8: backport 185f0fe09b72
    
    Original commit message:
    
        [numbers] Refactor HashSeed as a lightweight view over ByteArray
    
        Instead of copying the seed and secrets into a struct with value
        fields, HashSeed now stores a pointer pointing either into the
        read-only ByteArray, or the static default seed for off-heap
        HashSeed::Default() calls. The underlying storage is always
        8-byte aligned so we can cast it directly into a struct.
    
        Change-Id: I5896a7f2ae24296eb4c80b757a5d90ac70a34866
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7609720
        Reviewed-by: Leszek Swirski <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105531}
    
    Refs: v8/v8@185f0fe
    Co-authored-by: Joyee Cheung <[email protected]>
    
    deps: V8: backport 1361b2a49d02
    
    Original commit message:
    
        [strings] improve array index hash distribution
    
        Previously, the hashes stored in a Name's raw_hash_field for decimal
        numeric strings (potential array indices) consist of the literal
        integer value along with the length of the string. This means
        consecutive numeric strings can have consecutive hash values, which
        can lead to O(n^2) probing for insertion in the worst case when e.g.
        a non-numeric string happens to land in these buckets.
    
        This patch adds a build-time flag v8_enable_seeded_array_index_hash that
        scrambles the 24-bit array-index value stored in a Name's raw_hash_field
        to improve the distribution.
    
        x ^= x >> kShift; x = (x * m1) & kMask;    // round 1
        x ^= x >> kShift; x = (x * m2) & kMask;    // round 2
        x ^= x >> kShift;                          // finalize
    
        To decode, apply the same steps with the modular inverses of m1 and m2
        in reverse order.
    
        x ^= x >> kShift; x = (x * m2_inv) & kMask;    // round 1
        x ^= x >> kShift; x = (x * m1_inv) & kMask;    // round 2
        x ^= x >> kShift;                              // finalize
    
        where kShift = kArrayIndexValueBits / 2, kMask = kArrayIndexValueMask,
        m1, m2 (both odd) are the lower bits of the rapidhash secrets, m1_inv,
        m2_inv (modular inverses) are precomputed modular inverse of m1 and m2.
        The pre-computed values are appended to the hash_seed ByteArray in
        ReadOnlyRoots and accessed in generated code to reduce overhead.
        In call sites that don't already have access to the seeds, we read them
        from the current isolate group/isolate's read only roots.
    
        To consolidate the code that encode/decode these hashes, this patch
        adds MakeArrayIndexHash/DecodeArrayIndexFromHashField in C++ and CSA
        that perform seeding/unseeding if enabled, and updates places where
        encoding/decoding of array index is needed to use them.
    
        Bug: 477515021
        Change-Id: I350afe511951a54c4378396538152cc56565fd55
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7564330
        Reviewed-by: Leszek Swirski <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105596}
    
    Refs: v8/v8@1361b2a
    Co-authored-by: Joyee Cheung <[email protected]>
    
    deps: V8: cherry-pick aac14dd95e5b
    
    Original commit message:
    
        [string] add 3rd round to seeded array index hash
    
        Since we already have 3 derived secrets, and arithmetics are
        relatively cheap, add a 3rd round to the xorshift-multiply
        seeding scheme. This brings the bias from ~3.4 to ~0.4.
    
        Bug: 477515021
        Change-Id: I1ef48954bcee8768d8c90db06ac8adb02f06cebf
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7655117
        Reviewed-by: Chengzhong Wu <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Reviewed-by: Leszek Swirski <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105824}
    
    Refs: v8/v8@aac14dd
    PR-URL: nodejs-private/node-private#834
    CVE-ID: CVE-2026-21717
    
    deps: V8: backport 185f0fe09b72
    
    Original commit message:
    
        [numbers] Refactor HashSeed as a lightweight view over ByteArray
    
        Instead of copying the seed and secrets into a struct with value
        fields, HashSeed now stores a pointer pointing either into the
        read-only ByteArray, or the static default seed for off-heap
        HashSeed::Default() calls. The underlying storage is always
        8-byte aligned so we can cast it directly into a struct.
    
        Change-Id: I5896a7f2ae24296eb4c80b757a5d90ac70a34866
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7609720
        Reviewed-by: Leszek Swirski <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105531}
    
    Refs: v8/v8@185f0fe
    Co-authored-by: Joyee Cheung <[email protected]>
    
    deps: V8: backport 1361b2a49d02
    
    Original commit message:
    
        [strings] improve array index hash distribution
    
        Previously, the hashes stored in a Name's raw_hash_field for decimal
        numeric strings (potential array indices) consist of the literal
        integer value along with the length of the string. This means
        consecutive numeric strings can have consecutive hash values, which
        can lead to O(n^2) probing for insertion in the worst case when e.g.
        a non-numeric string happens to land in these buckets.
    
        This patch adds a build-time flag v8_enable_seeded_array_index_hash that
        scrambles the 24-bit array-index value stored in a Name's raw_hash_field
        to improve the distribution.
    
        x ^= x >> kShift; x = (x * m1) & kMask;    // round 1
        x ^= x >> kShift; x = (x * m2) & kMask;    // round 2
        x ^= x >> kShift;                          // finalize
    
        To decode, apply the same steps with the modular inverses of m1 and m2
        in reverse order.
    
        x ^= x >> kShift; x = (x * m2_inv) & kMask;    // round 1
        x ^= x >> kShift; x = (x * m1_inv) & kMask;    // round 2
        x ^= x >> kShift;                              // finalize
    
        where kShift = kArrayIndexValueBits / 2, kMask = kArrayIndexValueMask,
        m1, m2 (both odd) are the lower bits of the rapidhash secrets, m1_inv,
        m2_inv (modular inverses) are precomputed modular inverse of m1 and m2.
        The pre-computed values are appended to the hash_seed ByteArray in
        ReadOnlyRoots and accessed in generated code to reduce overhead.
        In call sites that don't already have access to the seeds, we read them
        from the current isolate group/isolate's read only roots.
    
        To consolidate the code that encode/decode these hashes, this patch
        adds MakeArrayIndexHash/DecodeArrayIndexFromHashField in C++ and CSA
        that perform seeding/unseeding if enabled, and updates places where
        encoding/decoding of array index is needed to use them.
    
        Bug: 477515021
        Change-Id: I350afe511951a54c4378396538152cc56565fd55
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7564330
        Reviewed-by: Leszek Swirski <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105596}
    
    Refs: v8/v8@1361b2a
    Co-authored-by: Joyee Cheung <[email protected]>
    
    deps: V8: cherry-pick aac14dd95e5b
    
    Original commit message:
    
        [string] add 3rd round to seeded array index hash
    
        Since we already have 3 derived secrets, and arithmetics are
        relatively cheap, add a 3rd round to the xorshift-multiply
        seeding scheme. This brings the bias from ~3.4 to ~0.4.
    
        Bug: 477515021
        Change-Id: I1ef48954bcee8768d8c90db06ac8adb02f06cebf
        Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7655117
        Reviewed-by: Chengzhong Wu <[email protected]>
        Commit-Queue: Joyee Cheung <[email protected]>
        Reviewed-by: Leszek Swirski <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#105824}
    
    Refs: v8/v8@aac14dd
    joyeecheung authored and RafaelGSS committed Mar 20, 2026
    2086b74
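
The two-round scramble and its inverse from the V8 backport message in commit 2086b74, as an added example (not V8 or Node.js code). `M1` and `M2` are constructed odd sample multipliers standing in for values derived from the rapidhash secrets, and the third round from the later cherry-pick is not modelled.

```javascript
// Two-round xorshift-multiply scramble over the 24-bit array-index value,
// following the steps quoted in the commit message.
const BITS = 24;               // kArrayIndexValueBits, per the message
const SHIFT = BITS / 2;        // kShift
const MASK = (1 << BITS) - 1;  // kMask
const M1 = 0x9e3779;           // constructed sample value, odd
const M2 = 0x85ebcb;           // constructed sample value, odd

// Inverse of an odd m modulo 2^24 by Newton iteration. m itself is already
// correct to 3 bits (m*m = 1 mod 8); each step doubles the correct bits.
function modInverse(m) {
  let inv = m;
  for (let i = 0; i < 5; i++) inv = Math.imul(inv, 2 - Math.imul(m, inv));
  return inv & MASK;
}

const M1_INV = modInverse(M1);
const M2_INV = modInverse(M2);

// Multiply and keep the low 24 bits (Math.imul keeps the low 32 exactly).
const mulMask = (x, m) => Math.imul(x, m) & MASK;

function encode(x) {
  x ^= x >> SHIFT; x = mulMask(x, M1);  // round 1
  x ^= x >> SHIFT; x = mulMask(x, M2);  // round 2
  x ^= x >> SHIFT;                      // finalize
  return x;
}

// The half-width xorshift is its own inverse, so decoding replays the same
// shape with the inverse multipliers in reverse order.
function decode(x) {
  x ^= x >> SHIFT; x = mulMask(x, M2_INV);
  x ^= x >> SHIFT; x = mulMask(x, M1_INV);
  x ^= x >> SHIFT;
  return x;
}

// Exhaustive check that decode undoes encode on every 24-bit value.
function roundTripsEverywhere() {
  for (let x = 0; x <= MASK; x++) if (decode(encode(x)) !== x) return false;
  return true;
}

console.log('indices 0..3 encode to', [0, 1, 2, 3].map(encode));
console.log('lossless over 24 bits:', roundTripsEverywhere());
```

Zero always encodes to zero, because both the xorshift and the multiplication leave 0 unchanged.
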

Commits on Mar 23, 2026

  1. deps: V8: override depot_tools version

    For compatibility with Python >= 3.12 we need a newer version of
    `depot_tools` than is used for the older versions of V8.
    
    PR-URL: #62344
    Refs: nodejs/build#4278
    Reviewed-By: Michaël Zasso <[email protected]>
    Reviewed-By: Luigi Pinca <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    richardlau authored and RafaelGSS committed Mar 23, 2026
    2feea5b
  2. deps: upgrade npm to 11.11.1

    PR-URL: #62216
    Reviewed-By: Luigi Pinca <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>
    npm-cli-bot authored and RafaelGSS committed Mar 23, 2026
    be63847
  3. deps: update undici to 7.24.3

    PR-URL: #62233
    Reviewed-By: Antoine du Hamel <[email protected]>
    Reviewed-By: Matthew Aitken <[email protected]>
    Reviewed-By: Trivikram Kamat <[email protected]>
    Reviewed-By: Matteo Collina <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>
    nodejs-github-bot authored and RafaelGSS committed Mar 23, 2026
    bfb8ad5
  4. deps: update undici to 7.24.4

    PR-URL: #62271
    Reviewed-By: Matteo Collina <[email protected]>
    Reviewed-By: Rafael Gonzaga <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>
    nodejs-github-bot authored and RafaelGSS committed Mar 23, 2026
    2b6937d
  5. 2026-03-24, Version 25.8.2 (Current)

    This is a security release.
    
    Notable changes:
    
    build,deps,test:
      * (CVE-2026-21717) test array index hash collision
    crypto:
      * (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC
    http:
      * (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct
    permission:
      * (CVE-2026-21711) include permission check to pipe_wrap.cc
      * (CVE-2026-21716) include permission check on lib/fs/promises
      * (CVE-2026-21715) add permission check to realpath.native
    src:
      * (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code
      * (CVE-2026-21712) handle url crash on different url formats
    tls:
      * (CVE-2026-21637) wrap SNICallback invocation in try/catch
    
    PR-URL: nodejs-private/node-private#843
    RafaelGSS committed Mar 23, 2026
    610c6e4