CNNVD-202601-4170 Information

CNNVD ID

CNNVD-202601-4170

Related CVE

CVE-2026-0775

• CNNVD Published: 2026-01-23

Description (Chinese)

npm CLI是美国npm公司的一款软件包管理器。 npm cli存在安全漏洞，该漏洞源于从不安全位置加载模块，可能导致权限提升和执行任意代码。

Description (English)

npm CLI is a software package manager for the United States company npm. There is a security gap in npm cli, which stems from the loading of modules from unsafe locations, which may lead to the upgrading of privileges and the implementation of any code.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

npm

Published

2026-01-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-26-043/