Skip to main content

@babel/core CVE-2026-49356

| EUVDEUVD-2026-38302 LOW
Path Traversal (CWE-22)
2026-06-15 https://github.com/babel/babel GHSA-4x5r-pxfx-6jf8
3.6
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.6 LOW
AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
vuln.today AI
4.0 MEDIUM

AV:N reflects realistic deployment as a build service compiling external code; AC:H captures three simultaneous exploitation conditions; C:L for limited source map file read only.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
CVSS changed
Jun 26, 2026 - 20:07 NVD
3.2 (LOW) 3.6 (LOW)
Source Code Evidence Fetched
Jun 15, 2026 - 17:31 vuln.today
Analysis Generated
Jun 15, 2026 - 17:31 vuln.today

DescriptionNVD

Impact

Using @babel/core to compile maliciously crafted code can allow ab attacker to read any source map from the system that is running Babel, if these conditions are _all_ true:

  • the attacker controls the input source code
  • the attacker can read the output source code
  • the attacker knows the path of the source map file that they want to read

Users that only compile trusted code are not impacted.

Patches

The vulnerability has been fixed in @babel/core@7.29.6 and @babel/core@8.0.0-rc.6.

Workarounds

Callers can mitigate the issue without upgrading by setting inputSourceMap: false in their Babel options.

Callers can also manually extract the #sourceMappingURL comment from the input source code, validate whether the source map that it links to is allowed to be read, and if it is pass an object to inputSourceMap (passing false when it's not).

Credits

Thanks Teodor-Cristian Radoi for reporting the vulnerability.

AnalysisAI

Arbitrary source map file read in @babel/core allows an attacker who controls Babel's input source code to exfiltrate any source map file (.map) accessible to the process running Babel, provided the attacker can also read the compilation output and knows the target file path. This affects all @babel/core versions up to and including 7.29.0 and the 8.0.0 alpha/rc series prior to 8.0.0-rc.6. No public exploit is identified at time of analysis, and exploitation is constrained by three simultaneous conditions, but the vulnerability is significant in environments that compile untrusted or externally submitted code - such as online transpilers, CI/CD pipelines accepting external PRs, or multi-tenant build services.

Technical ContextAI

The JavaScript ecosystem convention of embedding a #sourceMappingURL comment in source files allows debuggers and build tools to locate corresponding source maps. When @babel/core processes input source code containing this comment, it attempts to resolve and read the referenced source map file to preserve debug information across compilation steps - this is controlled by the inputSourceMap option, which defaults to following the #sourceMappingURL hint. CWE-22 (Path Traversal) applies here because Babel does not sufficiently restrict or validate the path embedded in the #sourceMappingURL comment, allowing a crafted comment to point to an arbitrary file path on the host filesystem. Because source map files conventionally use the .map extension and are JSON, the attacker is limited to reading files that Babel can interpret as source maps, but given that the path is attacker-controlled, any file with a path the attacker knows can potentially be targeted. The affected packages are pkg:npm/@babel_core versions <= 7.29.0 and >= 8.0.0-alpha.0 through < 8.0.0-rc.6.

RemediationAI

The primary fix is to upgrade @babel/core to version 7.29.6 (for the stable 7.x series) or 8.0.0-rc.6 (for the 8.x pre-release series), as confirmed by the vendor advisory at https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8. For teams unable to upgrade immediately, the vendor provides two workarounds: the simplest is to set inputSourceMap: false in Babel configuration options, which prevents Babel from resolving any #sourceMappingURL hints and eliminates the attack vector entirely - the trade-off is that source map chaining for compiled output will not function, which may affect debugging workflows. A more surgical workaround is to pre-process the input source code before passing it to Babel: extract the #sourceMappingURL comment, validate that the referenced path is within an allowlisted set of locations, pass the validated source map as an object to the inputSourceMap option if allowed, or pass false if the path is not permitted. This preserves source map functionality for trusted inputs while blocking exploitation, but requires careful implementation to avoid incomplete validation. Reference for the inputSourceMap option: https://babeljs.io/docs/options#inputsourcemap.

Share

CVE-2026-49356 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy