Security advisory for Open Source node.js in UCWeb

Release date	19.06.2026
Reference	PROCALL-8061 ESPPP-1455
Criticality	CRITICAL
CVSS Score	9.8
Versions with the issue resolved	ProCall 8 Enterprise ≥ 8.10.2 ProCall Infinity (DataCenter) 2603.1

Description

Security-critical error related to Open Source node.js in UCWeb service

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2004

Affected versions

This vulnerability affects all previously released versions of ProCall 8 Enterprise and ProCall Infinity (DataCenter).

Versions with bug fixes

estos has already released updates that fix the vulnerability. Customers and partners can obtain the updates via the usual channels and follow the normal update process.

ProCall 8 Enterprise 8.10.2 (Hotfix Released 26 Juni, 2026)

Coming soon

ProCall Infinity 2603.1 - Expected in CW 27 (CW = Calendar Week)

End-of-life

Please note the following: If you are using older estos product versions that are no longer supported (End-of-Life has been reached), we strongly recommend updating your software to the current versions for security reasons.
This is because security patches are only regularly developed and made available for current software versions.