1. Rollup JavaScript Bundler Vulnerability Allows Arbitrary File Write via Path Traversal
A critical path traversal vulnerability has been disclosed in Rollup, the widely-used JavaScript module bundler, affecting versions 4.x and current source code. Tracked as CVE-2026-27606 and published through GitHub's security advisory system (GHSA-mw96-cpmx-2vgc), the flaw enables attackers to manipulate output filena...