CVE-2026-1665 | nvm-sh nvm up to 0.40.3 Environment Variable nvm_download NVM_AUTH_HEADER os command injection

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability classified as critical has been found in nvm-sh nvm up to 0.40.3. Impacted is the function nvm_download of the component Environment Variable Handler. This manipulation of the argument NVM_AUTH_HEADER causes os command injection.

This vulnerability is tracked as CVE-2026-1665. The attack is restricted to local execution. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-1665 | nvm-sh nvm up to 0.40.3 Environment Variable nvm_download NVM_AUTH_HEADER os command injection

Post correlati

CVE-2023-38299 | AT&T/Nokia Devices information disclosure

CVE-2024-0590 | Microsoft Clarity Plugin up to 0.9.3 on WordPress cross-site request forgery

CVE-2025-27232 | Zabbix up to 7.4.2 oauth.authorize server-side request forgery

CVE-2024-7615 | Tenda FH1206 1.2.0.8 stack-based overflow