PatchSiren

Rollupjs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Rollupjs CVE published 2026-02-25

CVE-2026-27606

CVE-2026-27606 is a high-severity vulnerability in Rollup, a JavaScript module bundler, that allows arbitrary file writes via path traversal. Overwriting critical system or user configuration files in this way can lead to persistent Remote Code Execution (RCE). The vulnerability affects Rollup versions prior to 2.80.0, 3.30.0, and 4.59.0. The issue is caused by insecure file name sanitization in the core [truncated]