CVE-2026-2265

Source
https://cve.org/CVERecord?id=CVE-2026-2265
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2265.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2265
Aliases
Published
2026-04-01T16:11:25.107Z
Modified
2026-07-08T07:43:46.411890826Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization
Details

An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2265.json",
    "cna_assigner": "certcc"
}
References

Affected packages

Git / github.com/inikulin/replicator

Affected ranges

Type
GIT
Repo
https://github.com/inikulin/replicator
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.0.5"
        },
        {
            "last_affected": "1.0.5"
        }
    ]
}

Affected versions

1.*
1.0.5
v1.*
v1.0.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2265.json"