CVE-2026-44728

HIGH8.2EPSS 0.02%

@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

發布日:2026/5/8修改日:2026/6/2

也稱為:DEBIAN-CVE-2026-44728

描述

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.

受影響套件(2)

Debian/node-babel7from 0
npm/@babel/plugin-transform-modules-systemjs>= 7.12.0, < 7.29.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-44728
PATCHhttps://github.com/babel/babel
WEBhttps://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp