CVE-2026-27190 · CRITICAL 9.8 · EPSS p77.8%

Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.97% probability of exploitation · percentile 77.8% · 2026-06-18T12:00:27Z
Published: 2026-02-20
Last modified: 2026-03-02

Underlying weaknesses · 1

CWE-78

References

  1. https://github.com/denoland/deno/commit/9132ad958c83a0d0b199de12b69b877f63edab4c
  2. https://github.com/denoland/deno/releases/tag/v2.6.8
  3. https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32260
  2. CVE-2025-61787
  3. CVE-2026-22864
  4. CVE-2025-48935
  5. CVE-2025-63706
  6. CVE-2026-21636

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.