Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

DEBIAN-CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

EUVD-2026-32639

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

ROOT-APP-NPM-CVE-2026-26280 CVE-2026-26280 in @rootio/systeminformation - Patched by Root

Root has patched CVE-2026-26280 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44724 CVE-2026-44724 in @rootio/systeminformation - Patched by Root

Root has patched CVE-2026-44724 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-68154 CVE-2025-68154 in @rootio/systeminformation - Patched by Root

Root has patched CVE-2025-68154 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-26318 CVE-2026-26318 in @rootio/systeminformation - Patched by Root

Root has patched CVE-2026-26318 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection in the networkInterfaces function when handling NetworkManager connection profile names obtained from nmcli device status output. An attacker can execute...

@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.17) +721 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)

systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory: OSV:GHSA-HVX9-HWR7-WJJ...

Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.17) +721 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)

systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory:...

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces via unsanitized NetworkManager connection profile name vulnerability discovered by ? in WordPress Npm systeminformation versions = 4.17.0, = 5.31.5...

GHSA-HVX9-HWR7-WJJ9 Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

PT-2026-40714

Name of the Vulnerable Software and Affected Versions systeminformation versions 4.17.0 through 5.31.5 Description On Linux, the library is subject to command injection within the networkInterfaces function. This occurs when an active NetworkManager connection profile name contains shell...

CVE-2026-44724

creationtimestamp| type| source ---|---|--- 2026-05-07 19:37:55+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9 2026-05-28 05:01:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmvaizrzqz26...