CVE-2026-0775 is a high-severity vulnerability affecting npm cli. It allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules, where the application loads modules from an unsecured location. An attacker can leverage this to escalate privileges and execute arbitrary code in the context of a target user.
The severity level of this vulnerability is high, with a CVSS score of 7.0. The potential impact on organizations can be significant, particularly in environments where npm cli installations are prevalent. Local privilege escalation vulnerabilities are serious because they can be exploited by authenticated users to gain elevated access to system resources.
As of now, there is no public exploit confirmed for this vulnerability, and it is currently awaiting analysis. However, organizations should prioritize patching immediately to address this vulnerability and mitigate potential risks associated with local privilege escalation.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
