Home > Vulnerability Database > CVE-2026-0775

Mend.io Vulnerability Database

CVE-2026-0775

Good to know:

Date: January 22, 2026

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.

Severity Score

7.0

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-0775

Url: https://www.zerodayinitiative.com/advisories/ZDI-26-043/

Url: https://github.com/npm/cli

Url: https://www.zerodayinitiative.com/advisories/ZDI-26-043

Url: https://github.com/npm/cli/issues/8939

Url: https://www.mend.io/vulnerability-database/CVE-2026-0775

Severity Score

7.0

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-0775

Good to know:

Date: January 22, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?