Ixtli logoIxtli
← Feed/CVE-2026-27606
CRITICALCVE-2026-27606npmCVSS 9.8

rollup

Published

Description

Rollup 4 has Arbitrary File Write via Path Traversal

Affected Versions

>=0>=3.0.0>=4.0.0
FIXED VERSIONS2.80.04.59.03.30.0

References

WEBhttps://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgcADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-27606WEBhttps://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2WEBhttps://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44eWEBhttps://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3PACKAGEhttps://github.com/rollup/rollupWEBhttps://github.com/rollup/rollup/releases/tag/v2.80.0WEBhttps://github.com/rollup/rollup/releases/tag/v3.30.0WEBhttps://github.com/rollup/rollup/releases/tag/v4.59.0

Using rollup?

Scan your dependencies and detect this automatically on every PR.

Create free account
CVE-2026-27606 | Ixtli Feed