CVE-2026-44728 · HIGH 8.2 · EPSS p2.5%

Description

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.13% probability of exploitation · percentile 2.5% · 2026-06-19T12:03:05Z
Published: 2026-05-26
Last modified: 2026-05-26

Underlying weaknesses · 2

CWE-94, CWE-843

References

  1. https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp

Type | Target | Confidence | Tier
Weakness | Access of Resource Using Incompatible Type ('Type Confusion') (cwe-843) | 0% | live
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-41242
  2. CVE-2026-4447
  3. CVE-2026-44291
  4. CVE-2025-12428
  5. CVE-2025-12429
  6. CVE-2026-4800

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.