CVE-2026-55849informação

Sumário

de MITRE • 08/07/2026

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npm_execpath is unset or empty, allowing arbitrary OS command execution with the privileges of the invoking user. This issue is fixed in version 5.0.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Divulgação

08/07/2026

Moderação

em revisão

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Want to know what is going to be exploited?

We predict KEV entries!