Third-Party Package Updates in Splunk AppDynamics NodeJS Agent - March 2026
Advisory ID: SVD-2026-0311
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics NodeJS Agent version 25.12.1, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| busybox1 | Upgraded | Multiple | Low |
| curl | Upgraded to version 7.76.1-35 | CVE-2025-9086 | High |
| expat | Upgraded to version 2.5.0-5 | CVE-2025-59375 | High |
| glib | Upgraded to version 2.68.4-18 | CVE-2025-13601 | High |
| gnupg | Upgraded to version 2.3.3-5 | CVE-2025-68973 | High |
| iputils | Upgraded to version 20210202-15 | CVE-2025-48964 | Medium |
| libxml2 | Upgraded to version 2.9.13-14 | CVE-2025-9714 | Medium |
| openssl2 | Upgraded | Multiple | Critical |
| python3 | Upgraded | Multiple | Medium |
| qs4 | Upgraded | Multiple | High |
| rpm5 | Upgraded | Multiple | Medium |
| shadow / shadow-utils | Upgraded to version 4.9-15 | CVE-2024-56433 | Low |
| sqlite | Upgraded to version 3.34.1-9 | CVE-2025-6965 | Critical |
| systemd | Upgraded to version 252-55 | CVE-2025-4598 | Medium |
| tar6 | Upgraded | Multiple | High |
| util-linux | Upgraded to version 2.37.4-21 | CVE-2025-14104 | Medium |
| vim7 | Upgraded | Multiple | Medium |
1 Upgraded busybox from version 1.37.0-r19 to version 1.37.0-r30 to remedy CVE-2025-46394 and CVE-2024-58251.
2 Upgraded openssl from version 3.5.2 to version 3.5.5 to remedy CVE-2025-15467, CVE-2025-9230, CVE-2025-69420, CVE-2025-69421, CVE-2025-69419, CVE-2025-9231, CVE-2025-11187, CVE-2025-15468, CVE-2025-66199, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, and CVE-2025-69418.
3 Upgraded python from version 3.9.21-2 to version 3.9.25-3 to remedy CVE-2024-5642, CVE-2025-12084, CVE-2025-6075, CVE-2025-8291, and CVE-2025-6069.
4 Upgraded qs to version 6.14.2 to remedy CVE-2026-2391 and CVE-2025-15284.
5 Upgraded rpm from version 4.16.1.3-37 to version 4.16.1.3-39 to remedy CVE-2021-35939, CVE-2021-35938, and CVE-2021-35937.
6 Upgraded tar from version 7.4.3 to version 7.5.7 to remedy CVE-2026-23745, CVE-2026-24842, and CVE-2026-23950. The NodeJS Agent is not impacted by CVE-2025-45582 or any other GNU Tar-related CVEs.
7 Upgraded vim from version 8.2.2637-22 to version 8.2.2637-23 to remedy CVE-2025-53905 and CVE-2025-53906.
Solution
Upgrade Splunk AppDynamics NodeJS Agent to versions 25.12.1 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics NodeJS Agent | 25.12 | Below 25.12.1 | 25.12.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.