ZDI-CAN-29171 HIGH 7.8 Upcoming Feb 05, 2026

npm

npm is the JavaScript package manager and repository used by millions of developers worldwide. This high-severity vulnerability (CVSS 7.8) requires local access and low-level user privileges to exploit; a successful attack needs no user interaction and lets the attacker fully compromise the confidentiality, integrity, and availability of the system. Security teams should monitor for suspicious activity in npm package installations and local system access attempts, as this vulnerability could be weaponized to compromise development environments and supply chains if exploited before the June 2026 patch deadline.

Advisory Details
Researcher: Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
Reported: February 05, 2026
Deadline: June 05, 2026 (50d)
CVSS Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
