CVE-2026-0775
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in npm CLI where incorrect permission assignment allows loading modules from unsecured locations. Attackers with initial low-privileged access can exploit this to execute arbitrary code with elevated privileges. This affects systems where npm CLI is installed and users have local access.
💻 Affected Systems
- npm CLI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full system privileges, installs persistent backdoors, accesses sensitive data, and compromises the entire system.
Likely Case
Local user or malware with initial foothold escalates to administrator/root privileges to install additional malware, steal credentials, or pivot to other systems.
If Mitigated
With proper access controls and least privilege principles, impact is limited to the compromised user account only.
🎯 Exploit Status
Requires local access and ability to execute code as a low-privileged user first. Exploit involves manipulating module loading paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check npm releases after advisory date (2026)
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-043/
Restart Required: No
Instructions:
1. Update npm CLI to latest patched version. 2. Run: npm install -g npm@latest. 3. Verify update with: npm --version.
🔧 Temporary Workarounds
Restrict module path permissions
linuxSet strict permissions on npm module directories to prevent unauthorized writes
chmod 755 /usr/local/lib/node_modules
chown root:root /usr/local/lib/node_modules
Use least privilege accounts
allRun npm operations with non-privileged accounts and avoid using root/sudo for npm commands
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute npm commands locally
- Monitor for suspicious privilege escalation attempts and unauthorized module installations
🔍 How to Verify
Check if Vulnerable:
Check npm version and compare against patched versions in vendor advisoryCheck Version:
npm --versionVerify Fix Applied:
Verify npm version is updated beyond vulnerable versions and test module loading from secure paths only📡 Detection & Monitoring
Log Indicators:
- Unusual npm module installations from non-standard paths
- Privilege escalation attempts via npm processes
Network Indicators:
- Not applicable - local exploitation only
SIEM Query:
Process creation where parent is npm and child process has elevated privileges