CVE-2026-0775
ADVISORY - githubSummary
Duplicate Advisory
This advisory has been withdrawn because describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.
Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
Common Weakness Enumeration (CWE)
Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource
NIST
1
CVSS SCORE
7highGitHub
1.0
CVSS SCORE
7highDebian
-
CVSS SCORE
N/AlowUbuntu
-
CVSS SCORE
N/AmediumChainguard
CGA-ghqj-xpxq-7jx6
-
minimos
MINI-9cqq-j3fp-3v58
-