CVE-2026-27190

CVE-2026-27190

Name

CVE-2026-27190

Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/denoland/deno/commit/9132ad958c83a0d0b199de12b69b877f63edab4c
security-advisories@github.com	https://github.com/denoland/deno/releases/tag/v2.6.8
security-advisories@github.com	https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr

Type

URI

security-advisories@github.com

https://github.com/denoland/deno/commit/9132ad958c83a0d0b199de12b69b877f63edab4c

security-advisories@github.com

https://github.com/denoland/deno/releases/tag/v2.6.8

security-advisories@github.com

https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:deno:deno::::::::`	deno	>= None	< 2.6.8

CPE URI

Source package

Min version

Max version

cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

deno

>= None

< 2.6.8

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
deno	edge-community	2.3.1-r8	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r7	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r6	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r5	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r4	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r3	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.3.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.0.6-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	edge-community	2.0.6-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	3.23-community	2.3.1-r5	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
deno	3.23-community	2.3.1-r4	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

deno

edge-community

2.3.1-r8

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

deno

edge-community