CVE-2026-15895
CVE-2026-15895 : OS command injection vulnerability in the npm package loading component of AWS jsii-diff prior to v1.131.0. An attacker could exploit crafted package specifiers passed to the npm: source argument to execute arbitrary commands. Affected software is AWS jsii-diff (npm packaging) wi...