{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-0775", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-01-08T22:50:45.465Z", "datePublished": "2026-01-23T03:29:14.622Z", "dateUpdated": "2026-06-30T12:07:12.616Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-01-23T03:29:14.622Z" }, "title": "npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "descriptions": [ { "lang": "en", "value": "npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430." } ], "affected": [ { "vendor": "npm", "product": "cli", "versions": [ { "version": "10.9.0", "status": "affected" } ], "defaultStatus": "unknown" } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "type": "CWE" } ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-043/", "name": "ZDI-26-043", "tags": [ "x_research-advisory" ] } ], "dateAssigned": "2026-01-08T22:50:45.489Z", "datePublic": "2026-01-12T20:35:28.565Z", "source": { "lang": "en", "value": "Anonymous" }, "metrics": [ { "format": "CVSS", "cvssV3_0": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7, "baseSeverity": "HIGH" } } ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2026-0775", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "version": "2.0.3", "timestamp": "2026-01-24T04:55:29.621474Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:25.563Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1" ], "defaultStatus": "unaffected", "product": "Confidential Compute Attestation", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "unaffected", "product": "Cryostat 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "unaffected", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhmt:1" ], "defaultStatus": "unaffected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:network_observ_optr:1" ], "defaultStatus": "unaffected", "product": "Network Observability Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_nhc:0" ], "defaultStatus": "unaffected", "product": "Node HealthCheck Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_lightspeed" ], "defaultStatus": "unaffected", "product": "OpenShift Lightspeed", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "unaffected", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_3scale_amp:2" ], "defaultStatus": "unaffected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "unaffected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "unaffected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:apache_camel_hawtio:4" ], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "unaffected", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhdh:1" ], "defaultStatus": "unaffected", "product": "Red Hat Developer Hub", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "unaffected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "unaffected", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "unaffected", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1" ], "defaultStatus": "unaffected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat" } ], "datePublic": "2026-01-23T03:29:14.622Z", "descriptions": [ { "lang": "en", "value": "npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-0775" }, { "name": "RHBZ#2432280", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432280" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0775.json" } ], "timeline": [ { "lang": "en", "time": "2026-01-23T04:02:55.468Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-01-23T03:29:14.622Z", "value": "Made public." } ], "title": "npmcli: npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability", "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:07:12.616Z" } } ] } }