HIGH
Rollupjs
CVE published 2026-02-25
CVE-2026-27606
CVE-2026-27606 is a high-severity vulnerability in Rollup, a JavaScript module bundler, allowing for arbitrary file writes via path traversal. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. The vulnerability affects versions prior to 2.80.0, 3.30.0, and 4.59.0 of Rollup. The issue is caused by insecure file name sanitization in the core [truncated]