Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.

Basic Information

ID CVE-2026-2265

Source certcc

Published Apr 1, 2026 at 16:11

Modified Apr 1, 2026 at 19:27

Affected Product

Vendor Replicator

Product Replicator

Version 1.0.5

Affected Versions Replicator Replicator 1.0.5

References

{
    "lastseen": "",
    "description": "An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.",
    "published": "2026-04-01T16:11:25.107Z",
    "modified": "2026-04-01T19:27:36.981Z",
    "type": "cve",
    "title": "Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization",
    "source": "certcc",
    "references": "https://github.com/inikulin/replicator\nhttps://github.com/inikulin/replicator/pull/19\nhttps://morielharush.github.io/2026/03/31/cve-2026-2265-replicator-deserialization-of-untrusted-data/",
    "id": "CVE-2026-2265",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Replicator Replicator 1.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Replicator",
    "version": "1.0.5",
    "vendor": "Replicator",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization_CVE-2026-2265

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply