Vulnerability details: VCID-qyqn-hwvx-k7gs
Vulnerability ID VCID-qyqn-hwvx-k7gs
Aliases CVE-2026-0775
GHSA-3966-f6p6-2qr9
Summary Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

### Duplicate Advisory
This advisory has been withdrawn because it describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.

### Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2026-0775
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3966-f6p6-2qr9
cvssv3.1 7.0 https://github.com/npm/cli
generic_textual HIGH https://github.com/npm/cli
cvssv3.1 7.0 https://github.com/npm/cli/issues/8939
generic_textual HIGH https://github.com/npm/cli/issues/8939
cvssv3.1 7.0 https://nvd.nist.gov/vuln/detail/CVE-2026-0775
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-0775
cvssv3.1 7.0 https://www.zerodayinitiative.com/advisories/ZDI-26-043
generic_textual HIGH https://www.zerodayinitiative.com/advisories/ZDI-26-043
cvssv3 7 https://www.zerodayinitiative.com/advisories/ZDI-26-043/
ssvc Track https://www.zerodayinitiative.com/advisories/ZDI-26-043/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npm/cli

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npm/cli/issues/8939

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-0775

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.zerodayinitiative.com/advisories/ZDI-26-043

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.zerodayinitiative.com/advisories/ZDI-26-043/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:29Z/ Found at https://www.zerodayinitiative.com/advisories/ZDI-26-043/
Exploit Prediction Scoring System (EPSS)
Percentile 0.01121
EPSS Score 0.0001
Published At April 18, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:27.501236+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3966-f6p6-2qr9/GHSA-3966-f6p6-2qr9.json 38.0.0