Ecosystem	Package	Version

Vulnerabilities

CVE-2026-27190

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.

Published Feb 20, 2026

https://github.com/advisories/GHSA-hmh4-3xvx-q5hr

CVSS ScoreCritical

9.8

Ecosystem	Package	Version


cargo	deno	0.0.1
cargo	deno	0.10.0
cargo	deno	0.11.0
cargo	deno	0.12.0
cargo	deno	0.13.0
cargo	deno	0.14.0
cargo	deno	0.15.0
cargo	deno	0.16.0
cargo	deno	0.17.0
cargo	deno	0.18.0
cargo	deno	0.19.0
cargo	deno	0.20.0
cargo	deno	0.21.0
cargo	deno	0.22.0
cargo	deno	0.23.0
cargo	deno	0.29.0
cargo	deno	0.3.10
cargo	deno	0.3.11
cargo	deno	0.3.5-temp1-temp1
cargo	deno	0.3.5-temp3
cargo	deno	0.3.5-temp4
cargo	deno	0.3.5-temp5
cargo	deno	0.3.5
cargo	deno	0.3.6
cargo	deno	0.3.7
cargo	deno	0.3.8
cargo	deno	0.3.9
cargo	deno	0.30.0
cargo	deno	0.30.1
cargo	deno	0.31.0
cargo	deno	0.32.0
cargo	deno	0.33.0
cargo	deno	0.34.0
cargo	deno	0.35.0
cargo	deno	0.36.0
cargo	deno	0.37.0
cargo	deno	0.37.1
cargo	deno	0.38.0
cargo	deno	0.4.0
cargo	deno	0.40.0
cargo	deno	0.41.0
cargo	deno	0.42.0
cargo	deno	0.5.0
cargo	deno	0.6.0
cargo	deno	0.7.0
cargo	deno	0.8.0
cargo	deno	0.9.0
cargo	deno	1.0.0-rc1
cargo	deno	1.0.0-rc2
cargo	deno	1.0.0-rc3

CVE-2026-27190 | Components Impacted | Sonatype Guide | Sonatype Guide