CVE-2026-0775Incorrect Permission Assignment in NPM

CWE-732Incorrect Permission Assignment8 documents7 sources
Severity
7.0HIGHNVD
GHSA8.2OSV8.2
EPSS
0.0%
top 98.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Npmjs NPMNPM CLI
Timeline
PublishedJan 23

Description

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privilege

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

npmnpmjs/npm11.8.0
CVEListV5npm/cli10.9.0

🔴Vulnerability Details

4
CVEList
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability2026-01-23
OSV
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability2026-01-23
OSV
CVE-2026-0775: npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability2026-01-23
GHSA
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability2026-01-23

📋Vendor Advisories

2
Red Hat
npmcli: npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability2026-01-23
Debian
CVE-2026-0775: npm - npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-0775 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0775 — Incorrect Permission Assignment in NPM | cvebase