The Lab · 2026-03-26 16:27:15 · GitHub Issues
A critical path traversal vulnerability in the widely used Rollup JavaScript module bundler exposes build systems to arbitrary file writes. The flaw, tracked as CVE-2026-27606, stems from insecure filename sanitization within Rollup's core engine, allowing an attacker to control output filenames and potentially overwri...
The Lab · 2026-03-26 16:27:20 · GitHub Issues
A critical security vulnerability has been disclosed in the widely-used Rollup module bundler, exposing countless JavaScript build pipelines to arbitrary file write attacks. The flaw, tracked as CVE-2026-27606, stems from insecure file name sanitization within Rollup's core engine, specifically in v4.x versions. This p...
The Lab · 2026-03-26 19:27:36 · GitHub Issues
A critical security vulnerability has been disclosed in the widely-used Rollup module bundler, exposing countless JavaScript projects to arbitrary file overwrite attacks. The flaw, tracked as CVE-2026-27606, stems from insecure filename sanitization within Rollup's core engine. This allows an attacker to inject path tr...
The Lab · 2026-04-01 05:27:02 · GitHub Issues
A critical security vulnerability has been disclosed in the widely-used Rollup JavaScript module bundler. The flaw, tracked as CVE-2026-27606, is an arbitrary file write vulnerability stemming from insecure file name sanitization within Rollup's core engine. This path traversal weakness allows an attacker to control ou...
The Lab · 2026-04-01 22:27:12 · GitHub Issues
A critical security vulnerability has been disclosed in the widely-used Rollup JavaScript module bundler, exposing countless development projects to arbitrary file write attacks. The flaw, tracked as CVE-2026-27606, stems from insecure file name sanitization within Rollup's core engine, specifically in versions 4.x. Th...
The Lab · 2026-04-02 18:27:17 · GitHub Issues
Multiple versions of Rollup contain a high-severity security vulnerability: an attacker can exploit path traversal to achieve an arbitrary file write and thereby overwrite any file on the host file system. The vulnerability is tracked as CVE-2026-27606 and GHSA-mw96-cpmx-2vgc and affects Rollup v4.x (< 4.59.0), v3.x (< 3.30.0) and v2.x (< 2.80.0). The core risk is that once an attacker can control output file names, they can use this flaw to plant malicious files in a server or development environment or corrupt critical system files.
The vulnerability stems from the combination of two key defects. First, in the file `src/utils/sanitizeFileName.ts`, the `INVALID_CHAR_REGEX` regular expression used to sanitize file names fails to filter periods ...
The Lab · 2026-05-10 15:32:02 · GitHub Issues
A critical path traversal vulnerability has been disclosed in Rollup, the widely-used JavaScript module bundler, affecting versions 4.x and current source code. Tracked as CVE-2026-27606 and published through GitHub's security advisory system (GHSA-mw96-cpmx-2vgc), the flaw enables attackers to manipulate output filena...