cyclonedx-npm CVE-2026-55849
HIGHSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local dev/CI tool so AV:L; a victim must run the CLI with the poisoned argument giving UI:R; attacker needs no prior privileges (PR:N) and command injection yields full C/I/A as the invoking user.
Primary rating from Vendor (https://github.com/CycloneDX/cyclonedx-node-npm).
CVSS VectorVendor: https://github.com/CycloneDX/cyclonedx-node-npm
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Summary
A command injection vulnerability exists in @cyclonedx/cyclonedx-npm when the CLI is invoked with the --workspace <value> option while the environment variable npm_execpath is unset or empty. User‑supplied --workspace values are passed to a subshell without proper sanitization, enabling attackers to inject arbitrary OS commands. This issue corresponds to CWE‑78: Improper Neutralization of Special Elements used in an OS Command.
The vulnerability was fixed in version [5.0.0][v5.0.0].
Vulnerability Details
When cyclonedx-npm is executed with the --workspace option, the provided argument is incorporated into an internal shell command. If the environment variable npm_execpath is set, the tool uses the npm executable directly and no injection occurs. However, when npm_execpath is unset or empty, the tool falls back to spawning a subshell and interpolating the --workspace value directly into the command string without proper escaping or neutralization.
As a result, specially crafted workspace names can break out of the intended command context and execute arbitrary commands with the privileges of the invoking user.
Impact
An attacker who can influence the value passed to --workspace can execute arbitrary OS commands. This may lead to:
- Arbitrary command execution
- Data exfiltration
- Local privilege escalation (depending on how the tool is used)
- Modification or destruction of files accessible to the user running the CLI
The vulnerability affects only scenarios where:
- The user invokes
cyclonedx-npmwith--workspace <value>, and - The environment variable
npm_execpathis unset or empty
Exploitation Conditions (High‑Level)
Exploitation requires the attacker to supply or influence the --workspace value passed to the CLI. If the tool falls back to its subshell execution path, specially crafted workspace identifiers can cause unintended command execution. No exploit code is included here to avoid providing weaponizable examples.
Root Cause
The CLI constructs a shell command using untrusted input from the --workspace option. Because the fallback code path does not sanitize or escape the workspace value, special shell metacharacters (e.g., ;, &&, |) are interpreted by the shell, enabling command injection.
This behavior matches CWE‑78.
Fix
The vulnerability was resolved in [PR #1476], which ensures that workspace values are handled safely and are no longer passed to a subshell in an unsafe manner.
The fix is included in @cyclonedx/cyclonedx-npm version [5.0.0][v5.0.0].
Remediation
- Upgrade to version [5.0.0][v5.0.0] or later, which contains the complete fix.
- As a temporary mitigation for older versions, ensure that the environment variable
npm_execpathis set before invoking the tool. - Avoid passing untrusted or user‑controlled values to the
--workspaceoption.
[v5.0.0]: https://github.com/CycloneDX/cyclonedx-node-npm/releases/tag/v5.0.0 [PR #1476]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/1476
Articles & Coverage 1
AnalysisAI
Command injection in the @cyclonedx/cyclonedx-npm SBOM generator (versions >= 2.1.0, < 5.0.0) lets an attacker who controls the value passed to the --workspace CLI option execute arbitrary OS commands when the npm_execpath environment variable is unset or empty. In that fallback path the tool spawns a subshell and interpolates the workspace value into a command string without escaping, so shell metacharacters break out of the intended context and run with the invoking user's privileges. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Two concrete conditions must both hold: (1) the cyclonedx-npm CLI is invoked with the --workspace (or -w) option carrying an attacker-influenced value, and (2) the environment variable npm_execpath is unset or empty, which triggers the subshell fallback path in npmRunner.ts (if npm_execpath is set, npm is executed directly and no injection occurs). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The only scored signal provided is a CVSS 4.0 base of 8.5 (High) with vector AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H, indicating a LOCAL attack vector requiring passive user interaction but no attacker privileges, with high confidentiality, integrity and availability impact and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | In a CI pipeline that generates an SBOM, an attacker who can influence a project's workspace identifier (for example via a crafted package.json workspace name or a pipeline parameter) supplies a value containing shell metacharacters such as '; <command> ;'. When cyclonedx-npm is invoked with that value as --workspace while npm_execpath is unset, the subshell interprets the metacharacters and runs the attacker's command as the CI/build user. … |
| Remediation | Vendor-released patch: upgrade to @cyclonedx/cyclonedx-npm version 5.0.0 or later, which reworks npm handling to execute npm explicitly rather than through a subshell (a documented BREAKING change per HISTORY.md, so validate your SBOM pipeline after upgrading since npm resolution behavior changed). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Locate all @cyclonedx/cyclonedx-npm installations in versions 2.1.0-4.x and assess whether the --workspace parameter receives untrusted input in your CI/CD pipelines. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-78 – OS Command Injection
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-v75r-vx73-82pj