
9 matches found

Vulnrichment
added 2026/02/19 7:48 p.m. | 3 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | References: 2
CVE
added 2026/02/19 7:48 p.m. | 7 views

CVE-2026-26318

The CVE-2026-26318 issue affects the systeminformation package for Node.js: versions prior to 5.31.0 are vulnerable to local command injection via unsanitized output from the locate command in versions(). Version 5.31.0 fixes the issue. Root has patched the vulnerability in @rootio/systeminformat...

CVSS 8.8 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/19 7:48 p.m. | 21 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8 | EPSS 0.0002
Exploits: 1 | References: 2
Debian CVE
added 2026/02/19 7:48 p.m. | 4 views

CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 1
OSV
added 2026/02/19 7:48 p.m. | 3 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8 | AI score 5.6 | EPSS 0.0002
Exploits: 1 | References: 4
CNNVD
added 2026/02/19 12:0 a.m. | 3 views

systeminformation operating system command injection vulnerability

SystemInformation is an npm library developed by Sebastian Hildebrandt that provides access to operating system information. Versions of SystemInformation prior to 5.31.0 contain an operating system command injection vulnerability caused by unsanitized locate output in the versions...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 2
Snyk
added 2026/02/18 10:36 p.m. | 2 views

Command Injection

Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the versions function, which executes a locate command to find a PostgreSQL installation on Linux. An attacker who can write files to the target...

CVSS 8.8 | AI score 6.1 | EPSS 0.0002
Exploits: 1 | References: 2
OSV
added 2026/02/18 10:36 p.m. | 4 views

GHSA-5VV4-HVF7-2H46 Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation

Command Injection via Unsanitized locate Output in versions — systeminformation Package: systeminformation npm Tested Version: 5.30.7 Affected Platform: Linux Author: Sebastian Hildebrandt Weekly Downloads: 5,000,000+ Repository: https://github.com/sebhildebrandt/systeminformation Severity: Mediu...

CVSS 8.8 | AI score 6.1 | EPSS 0.0002
Exploits: 1 | References: 4
Huntr
added 2021/04/08 3:12 a.m. | 18 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation

✍️ Description The systeminformation package is vulnerable to Improper Input Validation through versions function. 🕵️‍♂️ Proof of Concept javascript // PoC.js const si = require'systeminformation'; si.versionstoString : = console.log"This is a PoC" ; 💥 Impact This vulnerability allows attackers to...

AI score 3.7
Exploits: 0