ROOT-APP-NPM-CVE-2026-44288

See a problem?
Please try reporting it to the source first.

Source

https://root.io/security/ROOT-APP-NPM-CVE-2026-44288

Import Source

https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44288.json

JSON Data

https://api.osv.dev/v1/vulns/ROOT-APP-NPM-CVE-2026-44288

Upstream

CVE-2026-44288

Published

2026-06-25T05:17:08Z

Modified

2026-06-25T07:02:10.922160871Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

CVE-2026-44288 in @rootio/protobufjs - Patched by Root

Details

Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available.

Database specific

{
    "distro": "npm",
    "distro_version": "",
    "severity": "MEDIUM",
    "source": "Root"
}

References

Affected packages

Root:npm / @rootio/protobufjs

Package

Name: @rootio/protobufjs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.5.5-root.io.4

Fixed

7.5.4-root.io.5

Fixed

8.0.1-root.io.5

Fixed

7.4.0-root.io.4

Fixed

8.0.1-root.io.6

Fixed

7.5.4-root.io.6

Fixed

7.4.0-root.io.5

Fixed

7.4.0-root.io.6

Fixed

6.11.4-root.io.3

Fixed

7.5.6-root.io.1

Fixed

7.5.6-root.io.2

Database specific

root_patched

true

root_patch_version

""

total_fixed_versions

11.0

all_fixed_versions

[
    "7.5.5-root.io.4",
    "7.5.4-root.io.5",
    "8.0.1-root.io.5",
    "7.4.0-root.io.4",
    "8.0.1-root.io.6",
    "7.5.4-root.io.6",
    "7.4.0-root.io.5",
    "7.4.0-root.io.6",
    "6.11.4-root.io.3",
    "7.5.6-root.io.1",
    "7.5.6-root.io.2"
]

source

"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44288.json"

upstream_version

"6.11.4-root.io.3"

Root:npm / protobufjs

Package

Name: protobufjs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.5.5-aikido.4

Fixed

7.5.4-aikido.5

Fixed

8.0.1-aikido.5

Fixed

7.4.0-aikido.4

Fixed

8.0.1-aikido.6

Fixed

7.5.4-aikido.6

Fixed

7.4.0-aikido.5

Fixed

7.4.0-aikido.6

Fixed

6.11.4-aikido.3

Fixed

7.5.6-aikido.2

Database specific

source

"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44288.json"

total_fixed_versions

10.0

root_patch_version

""

all_fixed_versions

[
    "7.5.5-aikido.4",
    "7.5.4-aikido.5",
    "8.0.1-aikido.5",
    "7.4.0-aikido.4",
    "8.0.1-aikido.6",
    "7.5.4-aikido.6",
    "7.4.0-aikido.5",
    "7.4.0-aikido.6",
    "6.11.4-aikido.3",
    "7.5.6-aikido.2"
]

root_patched

true

upstream_version

"6.11.4-aikido.3"

Root:npm / @rootio/protobufjs__utf8

Package

Name: @rootio/protobufjs__utf8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.0-root.io.1

Database specific

root_patched

true

root_patch_version

""

total_fixed_versions

1.0

all_fixed_versions

[
    "1.1.0-root.io.1"
]

source

"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44288.json"

upstream_version

"1.1.0-root.io.1"

Root:npm / @protobufjs/utf8

Package

Name: @protobufjs/utf8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.0-aikido.1

Database specific

source

"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44288.json"

root_patch_version

""

total_fixed_versions

1.0

all_fixed_versions

[
    "1.1.0-aikido.1"
]

root_patched

true

upstream_version

"1.1.0-aikido.1"