CVE-2026-2265

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.

Vulnerability Details

Published Date

April 01, 2026

Last Modified

April 03, 2026

Source

NVD

External References

https://github.com/inikulin/replicator
https://github.com/inikulin/replicator/pull/19
https://morielharush.github.io/2026/03/31/cve-2026-2265-replicator-deserialization-of-untrusted-data/

CVE-2026-2265

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment