fixup! blog: clarify in async hook DoS post and add CWE pointers

Author: joyeecheung

apps/site/pages/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks.md

@@ -26,8 +26,6 @@ The weakness ultimately lies in the ecosystem's reliance on an unspecified behav
 
 When a stack overflow occurs in user code while `async_hooks` is enabled, Node.js **immediately exits with code `7`** instead of allowing `try-catch` blocks to catch the error. This is a special condition in Node.js that skips the `process.on('uncaughtException')` handlers, making the exception uncatchable.
 
-### Reproduction
-
 ```javascript
 import { createHook } from 'node:async_hooks';
 
@@ -46,8 +44,8 @@ try {
 }
 ```
 
-**Expected**: `try-catch` catches the `RangeError`
-**Actual**: Immediate crash with exit code 7
+- **Expected**: `try-catch` catches the `RangeError`
+- **Actual**: Immediate crash with exit code 7
 
 ## Why This Affects React and Next.js
 
@@ -191,7 +189,7 @@ The "Maximum call stack size exceeded" error is not part of the ECMAScript speci
 - [CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior](https://cwe.mitre.org/data/definitions/758.html)
 - [CWE-674: Uncontrolled Recursion](https://cwe.mitre.org/data/definitions/674.html)
 
-It's worth noting that even when ECMAScript specifies that [proper tail calls](https://tc39.es/ecma262/#sec-tail-position-calls) [should reuse stack frames](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Execution_model#tail_calls), this is not implemented by most JavaScript engines today, including V8. And in the few JavaScript engines that do implement it, proper tail calls can block an application with infinite recursion instead of hitting the stack size limit at some point and stopping with an error, which is also a Denial-of-Service factor. This reinforces that stack overflow behavior cannot be relied upon for defending against Denial-of-Service attacks.
+It's worth noting that even when ECMAScript specifies that [proper tail calls](https://tc39.es/ecma262/#sec-tail-position-calls) [should reuse stack frames](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Execution_model#tail_calls), this is not implemented by most JavaScript engines today, including V8. And in the few JavaScript engines that do implement it, proper tail calls (as used in [the reproduction above](#the-reproduction)) can block an application with infinite recursion instead of hitting the stack size limit at some point and stopping with an error, which is another Denial-of-Service vector. This reinforces that stack overflow behavior cannot be relied upon for defending against Denial-of-Service attacks.
 
 ### This Behavior Is Not Part of The Security Guarantees of V8