Primary

Context

npm CLI Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in npm CLI. This issue arises from the application loading modules from an unsecured location, allowing local attackers to escalate privileges and execute arbitrary code in the context of the affected user. To exploit this vulnerability, an attacker must first have the ability to run low-privileged code on the target system.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling local attackers to execute arbitrary code with elevated rights.

Remediation

The primary mitigation strategy is to limit interaction with the affected product.

Added: Jan 23, 2026, 4:30 AM

Updated: Jan 23, 2026, 4:30 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.9

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.9

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

npm CLI Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating