CVE-2025-70949

Published March 5th, 2026

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel.

Powerful authentication for APIs and apps using CouchDB (or Cloudant) with Node >= 14

GitHub

Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.

NPM