Root has patched CVE-2026-49458 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available.
{ "distro_version": "", "source": "Root", "severity": "MEDIUM", "distro": "npm" }
true
"2.5.9-root.io.2"
2.0
[ "2.5.9-root.io.2", "3.2.4-root.io.2" ]
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-49458.json"
""
"2.5.9-aikido.2"
[ "2.5.9-aikido.2", "3.2.4-aikido.2" ]