CVE-2026-1245

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.

Vulnerability Details

Published Date

January 20, 2026

Last Modified

January 26, 2026

Source

GitHub

Vendor

npm

Product

binary-parser

External References

https://nvd.nist.gov/vuln/detail/CVE-2026-1245
https://github.com/keichi/binary-parser/pull/283
https://www.kb.cert.org/vuls/id/102648
https://github.com/keichi/binary-parser
https://kb.cert.org/vuls/id/102648
https://www.cve.org/CVERecord?id=CVE-2026-1245
https://www.npmjs.com/package/binary-parser
https://github.com/advisories/GHSA-m39p-34qh-rh3w

CVE-2026-1245

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment