HIGH
yeoman
CVE published 2026-06-16
CVE-2026-42089
CVE-2026-42089 is a high-severity vulnerability in Yeoman Environment, a tool for discovering, creating, and running generators. The vulnerability affects versions 2.9.0 through 6.0.0 and allows for arbitrary package installation and code execution during CLI bootstrap. This is possible because the `installLocalGenerators()` method installs missing local generator packages from caller-supplied package nam [truncated]