CVE-2026-27190
- Source
- https://cve.org/CVERecord?id=CVE-2026-27190
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27190.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27190
- Aliases
- Published
- 2026-02-20T20:52:11.468Z
- Modified
- 2026-03-02T02:51:25.355169Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
- Details
-
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27190.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27190.json
- https://github.com/denoland/deno/commit/9132ad958c83a0d0b199de12b69b877f63edab4c
- https://github.com/denoland/deno/releases/tag/v2.6.8
- https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr
- https://nvd.nist.gov/vuln/detail/CVE-2026-27190
Affected packages
Git / github.com/denoland/deno
Affected ranges
- Type
- GIT
- Repo
- https://github.com/denoland/deno
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
std/0.*
std/0.34.0
std/0.35.0
std/0.36.0
std/0.37.0
std/0.38.0
std/0.39.0
std/0.40.0
std/0.41.0
std/0.42.0
std/0.50.0
std/0.51.0
std/0.52.0
std/0.53.0
std/0.54.0
std/0.55.0
std/0.56.0
std/0.57.0
std/0.58.0
std/0.59.0
std/0.60.0
std/0.61.0
std/0.62.0
std/0.63.0
std/0.64.0
std/0.65.0
std/0.66.0
std/0.67.0
std/0.68.0
std/0.69.0
std/0.70.0
std/0.71.0
std/0.72.0
std/0.73.0
std/0.74.0
std/0.75.0
std/0.76.0
std/0.77.0
std/0.78.0
std/0.79.0
std/0.80.0
std/0.81.0
std/0.82.0
std/0.83.0
std/0.84.0
std/0.85.0
v0.*
v0.0.1
v0.0.3
v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.12
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.28.1
v0.29.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.30.0
v0.30.1
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.37.1
v0.38.0
v0.39.0
v0.4.0
v0.40.0
v0.41.0
v0.42.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.3
v1.11.0
v1.11.1
v1.11.2
v1.12.0
v1.12.1
v1.12.2
v1.13.0
v1.13.1
v1.13.2
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.20.0
v1.20.1
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.40.0
v1.41.0
v1.42.0
v1.43.0
v1.43.1
v1.44.0
v1.45.0
v1.46.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.1
v1.9.2
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.6.0
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7