Root has patched CVE-2026-35209 in the @rootio/defu package for Root:npm. Multiple fixed versions available.
{ "distro_version": "", "severity": "HIGH", "distro": "npm", "source": "Root" }
true
"6.1.4-root.io.2"
[ "6.1.4-root.io.1", "6.1.4-root.io.2" ]
2.0
""
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-35209.json"
"6.1.4-aikido.2"
[ "6.1.4-aikido.2" ]
1.0