CVE-2021-26700

HIGH

Microsoft Npm < 0.3.15 - Remote Code Execution

Title source: rule

Description

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

Exploits (3)

nomisec WORKING POC 20 stars
by jackadamson · poc
https://github.com/jackadamson/CVE-2021-26700
gitlab WORKING POC
by jadamson08 · poc
https://gitlab.com/jadamson08/CVE-2021-26700
nomisec WORKING POC
by june-in-exile · poc
https://github.com/june-in-exile/CVE-2021-26700

References (1)

Scores

CVSS v3 7.8
EPSS 0.1032
EPSS Percentile 93.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
microsoft/npm < 0.3.15
npm/vscode-npm-script 0.0.0npm
Published Feb 25, 2021
Tracked Since Feb 18, 2026