216.73.217.86

CVE-2026-0775

· Published 23/01/2026 05:16 · Author: The MITRE Corporation

Labels: CVE-2026-0775 2026-01-23CVE-2026-0775CWE-732[email protected]

Essential information

Published
23/01/2026 05:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.0 HIGH (v3.1)
CISA KEV
No
CWE
CWE-732
EPSS (First)
P15.9% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00248)
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.

NVD status

NVD
View on NVD