Update from Jan 15, 2026
The Dynatrace team has finished the analysis of the Node.js vulnerability, that can cause server crashes (CVE-2025-59466).
Dynatrace software does not introduce, contain or ship this vulnerability.
Dynatrace OneAgent uses Node.js APIs as intended to enable monitoring. We therefore highly recommend customers to update the versions of Node.js they are using to run applications instrumented for observability with Dynatrace.
Recommendation to customers:
Upgrade to the patched Node.js versions released on January 13th, 2026:
- Node.js 20.20.0
- Node.js 22.22.0
- Node.js 24.13.0
- Node.js 25.3.0
Notice
This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.
