Root has patched CVE-2026-12151 in the @rootio/undici package for Root:npm. Multiple fixed versions available.
{
"source": "Root",
"distro_version": "",
"severity": "HIGH",
"distro": "npm"
}true
"5.28.5-root.io.1"
""
[
"6.26.0-root.io.1",
"6.20.1-root.io.1",
"7.24.6-root.io.2",
"6.24.1-root.io.1",
"6.21.3-root.io.9",
"6.20.1-root.io.2",
"5.29.0-root.io.4",
"7.24.5-root.io.1",
"7.25.0-root.io.1",
"7.26.0-root.io.1",
"7.24.5-root.io.2",
"7.26.0-root.io.2",
"7.25.0-root.io.2",
"6.25.0-root.io.1",
"5.28.5-root.io.1"
]
15.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-12151.json"
true
"5.28.5-aikido.1"
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-12151.json"
[
"6.26.0-aikido.1",
"6.20.1-aikido.1",
"7.24.6-aikido.2",
"6.24.1-aikido.1",
"6.21.3-aikido.9",
"6.20.1-aikido.2",
"5.29.0-aikido.4",
"7.24.5-aikido.1",
"7.25.0-aikido.1",
"7.26.0-aikido.1",
"7.24.5-aikido.2",
"7.26.0-aikido.2",
"7.25.0-aikido.2",
"6.25.0-aikido.1",
"5.28.5-aikido.1"
]
15.0
""