CVE-2026-26280
- Source
- https://cve.org/CVERecord?id=CVE-2026-26280
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26280.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-26280
- Aliases
- Downstream
- Related
- Published
- 2026-02-19T19:43:05.868Z
- Modified
- 2026-03-03T02:56:09.191618Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
- Details
-
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the
wifiNetworks()function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Inlib/wifi.js, thewifiNetworks()function sanitizes theifaceparameter on the initial call (line 437). However, when the initial scan returns empty results, asetTimeoutretry (lines 440-441) callsgetWifiNetworkListIw(iface)with the original unsanitizedifacevalue, which is passed directly toexecSync('iwlist ${iface} scan'). Any application passing user-controlled input tosi.wifiNetworks()is vulnerable to arbitrary command execution with the privileges of the Node.js process. Version 5.30.8 fixes the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26280.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26280.json
- https://github.com/sebhildebrandt/systeminformation/commit/22242aa56188f2bffcbd7d265a11e1ebb808b460
- https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-9c88-49p5-5ggf
- https://nvd.nist.gov/vuln/detail/CVE-2026-26280
Affected packages
Git / github.com/sebhildebrandt/systeminformation
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sebhildebrandt/systeminformation
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v3.*
v3.42.5
v3.42.6
v3.42.7
v3.42.8
v3.45.8
v3.45.9
v3.48.2
v3.48.3
v3.48.4
v3.49.0
v3.49.1
v3.51.1
v3.51.2
v3.52.0
v3.52.1
v4.*
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.6
v4.0.7
v4.0.9
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.11.5
v4.11.6
v4.12.1
v4.12.2
v4.13.1
v4.13.2
v4.14.0
v4.14.10
v4.14.11
v4.14.14
v4.14.15
v4.14.3
v4.14.5
v4.14.6
v4.14.7
v4.14.9
v4.15.0
v4.15.1
v4.16.0
v4.16.1
v4.17.0
v4.17.1
v4.17.2
v4.17.3
v4.18.0
v4.18.1
v4.18.2
v4.18.3
v4.19.0
v4.19.1
v4.19.2
v4.19.3
v4.19.4
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.21.0
v4.21.1
v4.21.2
v4.21.3
v4.22.0
v4.22.1
v4.22.2
v4.22.3
v4.22.4
v4.22.5
v4.22.6
v4.22.7
v4.23.0
v4.23.1
v4.23.10
v4.23.2
v4.23.3
v4.23.4
v4.23.5
v4.23.6
v4.23.7
v4.23.8
v4.23.9
v4.24.0
v4.24.1
v4.24.2
v4.25.0
v4.25.1
v4.25.2
v4.26.0
v4.26.1
v4.26.10
v4.26.11
v4.26.12
v4.26.2
v4.26.3
v4.26.4
v4.26.5
v4.26.6
v4.26.7
v4.26.8
v4.26.9
v4.27.0
v4.27.1
v4.27.10
v4.27.11
v4.27.2
v4.27.3
v4.27.4
v4.27.5
v4.27.6
v4.27.7
v4.27.8
v4.27.9
v4.28.0
v4.28.1
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.3.0
v4.30.0
v4.30.1
v4.30.10
v4.30.11
v4.30.2
v4.30.3
v4.30.4
v4.30.5
v4.30.6
v4.30.7
v4.30.8
v4.30.9
v4.31.1
v4.31.2
v4.32.0
v4.33.0
v4.33.1
v4.33.2
v4.33.3
v4.33.4
v4.33.5
v4.33.6
v4.33.7
v4.33.8
v4.34.0
v4.34.1
v4.34.2
v4.34.3
v4.34.4
v4.34.5
v4.34.6
v4.34.7
v4.34.8
v4.34.9
v4.6.1
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.4
v4.9.0
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.10.0
v5.10.1
v5.10.2
v5.10.3
v5.10.4
v5.10.5
v5.10.6
v5.10.7
v5.11.0
v5.11.1
v5.11.11
v5.11.12
v5.11.13
v5.11.14
v5.11.15
v5.11.16
v5.11.17
v5.11.18
v5.11.19
v5.11.2
v5.11.20
v5.11.21
v5.11.22
v5.11.23
v5.11.24
v5.11.25
v5.11.26
v5.11.3
v5.11.4
v5.11.5
v5.11.6
v5.11.7
v5.11.8
v5.11.9
v5.12.0
v5.12.1
v5.12.10
v5.12.11
v5.12.12
v5.12.13
v5.12.14
v5.12.15
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.12.6
v5.12.7
v5.12.8
v5.12.9
v5.13.0
v5.13.1
v5.13.2
v5.13.3
v5.13.4
v5.13.5
v5.14.0
v5.14.1
v5.14.2
v5.14.3
v5.14.4
v5.15.0
v5.15.1
v5.16.0
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17.0
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.15
v5.17.16
v5.17.17
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18.0
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19.0
v5.19.1
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.20.0
v5.21.0
v5.21.1
v5.21.10
v5.21.11
v5.21.12
v5.21.13
v5.21.14
v5.21.15
v5.21.16
v5.21.17
v5.21.18
v5.21.19
v5.21.2
v5.21.20
v5.21.21
v5.21.22
v5.21.23
v5.21.24
v5.21.25
v5.21.3
v5.21.4
v5.21.5
v5.21.6
v5.21.7
v5.21.8
v5.21.9
v5.22.0
v5.22.1
v5.22.10
v5.22.11
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8
v5.22.9
v5.23.0
v5.23.1
v5.23.10
v5.23.11
v5.23.12
v5.23.13
v5.23.14
v5.23.15
v5.23.16
v5.23.17
v5.23.18
v5.23.19
v5.23.2
v5.23.20
v5.23.21
v5.23.22
v5.23.23
v5.23.24
v5.23.25
v5.23.3
v5.23.4
v5.23.5
v5.23.6
v5.23.7
v5.23.8
v5.23.9
v5.24.0
v5.24.1
v5.24.2
v5.24.3
v5.24.4
v5.24.5
v5.24.6
v5.24.7
v5.24.8
v5.24.9
v5.25.0
v5.25.1
v5.25.10
v5.25.11
v5.25.2
v5.25.3
v5.25.4
v5.25.5
v5.25.6
v5.25.7
v5.25.8
v5.25.9
v5.26.0
v5.26.1
v5.26.2
v5.27.0
v5.27.1
v5.27.10
v5.27.11
v5.27.12
v5.27.13
v5.27.14
v5.27.15
v5.27.16
v5.27.17
v5.27.2
v5.27.3
v5.27.4
v5.27.5
v5.27.6
v5.27.7
v5.27.8
v5.27.9
v5.28.0
v5.28.1
v5.28.10
v5.28.2
v5.28.3
v5.28.4
v5.28.5
v5.28.6
v5.28.7
v5.28.8
v5.28.9
v5.29.0
v5.29.1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.30.0
v5.30.1
v5.30.2
v5.30.3
v5.30.4
v5.30.5
v5.30.6
v5.30.7
v5.4.0
v5.5.0
v5.6.0
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.19
v5.6.2
v5.6.20
v5.6.21
v5.6.22
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.0
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v5.9.0
v5.9.1
v5.9.10
v5.9.11
v5.9.12
v5.9.13
v5.9.14
v5.9.15
v5.9.16
v5.9.17
v5.9.18
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v5.9.7
v5.9.8
v5.9.9