PatchSiren

sebhildebrandt CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH sebhildebrandt CVE published 2026-05-27

CVE-2026-44724

CVE-2026-44724 is a command injection vulnerability in the systeminformation Node.js library affecting versions 4.17.0 through 5.31.5 on Linux systems. The vulnerability exists in the networkInterfaces() function, where an unsanitized NetworkManager connection profile name—obtained from nmcli device status output—is interpolated into shell command strings executed via execSync(). While the library sanitiz [truncated]

HIGH sebhildebrandt CVE published 2026-02-19

CVE-2026-26280

The systeminformation library for Node.js, prior to version 5.30.8, contains a command injection vulnerability in the `wifiNetworks()` function. This vulnerability allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. The `wifiNetworks()` function in `lib/wifi.js` initially sanitizes the `iface` parameter but fails to do so in the retry [truncated]