
CVE-2026-0775: CWE-732: Incorrect Permission Assignment for Critical Resource in npm cli

Severity: High
Tags: Vulnerability, CVE-2026-0775, CWE-732
Published: Fri Jan 23 2026 (01/23/2026, 03:29:14 UTC)
Source: CVE Database V5
Vendor/Project: npm
Product: cli

Description

CVE-2026-0775 is a high-severity local privilege escalation vulnerability in npm CLI version 10.9.0. It arises from incorrect permission assignment when loading modules from unsecured locations, allowing an attacker with low-privileged code execution to escalate privileges and execute arbitrary code as a higher-privileged user. Exploitation requires prior local access with limited privileges and does not require user interaction. Although no known exploits are currently reported in the wild, the vulnerability impacts confidentiality, integrity, and availability of affected systems. European organizations using npm CLI 10.9.0, especially in development and production environments, are at risk. Mitigation involves upgrading npm CLI to a patched version once available, restricting local code execution rights, and auditing module loading paths to prevent unauthorized module injection.

AI-Powered Analysis

Last updated: 01/30/2026, 09:53:48 UTC

Technical Analysis

CVE-2026-0775 is a local privilege escalation vulnerability identified in npm CLI version 10.9.0, classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The flaw stems from the npm CLI's handling of modules, where it loads modules from an unsecured location without proper permission checks. This insecure module loading allows an attacker who already has the ability to execute low-privileged code on the target system to escalate their privileges by injecting malicious modules or code. The vulnerability enables execution of arbitrary code in the context of a higher-privileged user, compromising system confidentiality, integrity, and availability. Exploitation requires local access with low privileges but does not require user interaction, making it a significant risk in environments where multiple users or processes share systems. The vulnerability was reserved on January 8, 2026, and published on January 23, 2026, with no known exploits in the wild to date. The CVSS v3.0 score is 7.0 (High), reflecting the attack vector as local (AV:L), high attack complexity (AC:H), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). This vulnerability is particularly relevant for development environments and production systems that rely on npm CLI for package management and module loading, as exploitation could lead to unauthorized code execution and system compromise.

Potential Impact

For European organizations, the impact of CVE-2026-0775 can be significant, especially for those heavily reliant on npm CLI in software development, continuous integration/continuous deployment (CI/CD) pipelines, and production environments. Successful exploitation could allow attackers to escalate privileges from a low-privileged user to a higher-privileged context, potentially leading to unauthorized access to sensitive data, modification or deletion of critical files, and disruption of services. This could result in data breaches, intellectual property theft, and operational downtime. Given the widespread use of npm in the European software industry, including startups, enterprises, and public sector organizations, the vulnerability poses a risk to the confidentiality, integrity, and availability of systems. Additionally, organizations with shared development environments or multi-tenant systems are at higher risk due to the local attack vector. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

Mitigation Recommendations

1. Upgrade npm CLI: Monitor npm releases closely and apply patches or upgrade to versions where this vulnerability is fixed as soon as they become available.
2. Restrict Local Code Execution: Limit the ability of untrusted users or processes to execute code on systems where npm CLI is installed, using strict access controls and sandboxing techniques.
3. Audit Module Loading Paths: Review and harden the configuration of npm CLI to ensure modules are loaded only from trusted and secure locations, preventing injection of malicious modules.
4. Implement Principle of Least Privilege: Ensure users and services running npm CLI operate with the minimum privileges necessary to reduce the impact of potential exploitation.
5. Monitor and Log: Enable detailed logging of npm CLI operations and monitor for unusual module loading or privilege escalation attempts.
6. Network Segmentation: Isolate development and build environments from sensitive production systems to limit lateral movement if exploitation occurs.
7. Educate Developers and Administrators: Raise awareness about the vulnerability and safe npm usage practices to prevent inadvertent exposure.
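A defender-side check for recommendation 3, added here as example code that is not npm's own code and not part of the advisory: it audits the directories an npm/Node module loader would search and reports any that are writable by group or others, which is the permission mistake CWE-732 names. The advisory does not say which directory was mis-permissioned in CVE-2026-0775, so the npm global prefix, the global node_modules directory and NODE_PATH entries are assumed as the candidate set.

```shell
#!/bin/sh
# Added example (not npm's code, not from the advisory): audit the directories a
# Node/npm module loader searches for the CWE-732 mistake of being writable by
# users other than the owner. Assumed candidate set: npm global prefix,
# global node_modules, and NODE_PATH entries.

# dir_write_status DIR -> prints OK, GROUP_WRITABLE, WORLD_WRITABLE or MISSING;
# returns 0 only for OK.
dir_write_status() {
    [ -d "$1" ] || { echo MISSING; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. drwxr-xr-x
    case "$mode" in
        ????????w?) echo WORLD_WRITABLE; return 1 ;;   # others have write
        ?????w????) echo GROUP_WRITABLE; return 1 ;;   # group has write
        *)          echo OK; return 0 ;;
    esac
}

# audit_dirs DIR... -> one "STATUS DIR" line per directory; returns 1 if any
# directory is not OK.
audit_dirs() {
    rc=0
    for d in "$@"; do
        st=$(dir_write_status "$d") || rc=1
        printf '%s %s\n' "$st" "$d"
    done
    return $rc
}

# npm_module_dirs -> candidate directories, one per line (empty without npm).
npm_module_dirs() {
    command -v npm >/dev/null 2>&1 || return 0
    npm config get prefix 2>/dev/null
    npm root -g 2>/dev/null
    printf '%s\n' "${NODE_PATH:-}" | tr ':' '\n' | grep . || true
}

# Run with `sh audit-npm-dirs.sh --check`; non-zero exit means something to fix.
# Directory names containing whitespace are not handled by the word split below.
if [ "${1:-}" = "--check" ]; then
    dirs=$(npm_module_dirs)
    if [ -z "$dirs" ]; then
        echo "npm not found; nothing to audit" >&2
    else
        # shellcheck disable=SC2086
        audit_dirs $dirs
    fi
fi
```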


Technical Details

Data Version: 5.2
Assigner Short Name: zdi
Date Reserved: 2026-01-08T22:50:45.465Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 6972f3a64623b1157cfeb738

Added to database: 1/23/2026, 4:05:58 AM

Last enriched: 1/30/2026, 9:53:48 AM

Last updated: 2/7/2026, 9:27:57 AM

