CVE-2026-30916

Shescape <2.1.9 - Auth Bypass

Title source: llm

Description

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information.

References (3)

[Issue Tracking] https://github.com/ericcornelissen/shescape/pull/2388

[Vendor Advisory] https://github.com/ericcornelissen/shescape/security/advisories/GHSA-6f6w-6j58-rq76

[Various Sources] https://www.npmjs.com/package/shescape/v/2.1.9

Scores

EPSS 0.0005

EPSS Percentile 16.1%

Details

CWE

CWE-200

Status published

Products (1)

npm/shescape 0 - 2.1.9npm

Published Mar 10, 2026

Tracked Since Mar 11, 2026