Root has patched CVE-2026-6402 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available.
{
"source": "Root",
"distro_version": "",
"severity": "MEDIUM",
"distro": "npm"
}[
"5.2.3-root.io.1",
"5.2.2-root.io.1",
"3.11.3-root.io.1",
"4.10.0-root.io.1",
"3.11.3-root.io.2"
]
"3.11.3-root.io.2"
""
true
5.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-6402.json"
true
"3.11.3-aikido.2"
""
[
"5.2.3-aikido.1",
"5.2.2-aikido.1",
"3.11.3-aikido.1",
"4.10.0-aikido.1",
"3.11.3-aikido.2"
]
5.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-6402.json"