CVE-2026-44724 is a command injection vulnerability in the systeminformation Node.js library affecting versions 4.17.0 through 5.31.5 on Linux systems. The vulnerability exists in the networkInterfaces() function, where an unsanitized NetworkManager connection profile name—obtained from nmcli device status output—is interpolated into shell command strings executed via execSync(). While the library sanitiz [truncated]
The systeminformation library for Node.js, prior to version 5.30.8, contains a command injection vulnerability in the `wifiNetworks()` function. This vulnerability allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. The `wifiNetworks()` function in `lib/wifi.js` initially sanitizes the `iface` parameter but fails to do so in the retry [truncated]