CVE-2026-1245: Privilege-Level Code Execution in binary-parser npm Library

First reported

21.01.2026 08:04

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A critical vulnerability (CVE-2026-1245) in the binary-parser npm library allows arbitrary JavaScript code execution due to insufficient sanitization of user-supplied values. The flaw affects all versions prior to 2.3.0 and could lead to privilege-level code execution in Node.js processes. The issue was patched on November 26, 2025, and users are advised to upgrade immediately.

Timeline

21.01.2026 08:04 1 articles · 23h ago

CVE-2026-1245: binary-parser Vulnerability Patched
A critical vulnerability in the binary-parser npm library, allowing arbitrary JavaScript code execution, was patched in version 2.3.0 on November 26, 2025. The flaw arises from insufficient sanitization of user-supplied values in parser field names and encoding parameters. Users are advised to upgrade immediately.
Show sources

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04
Open in new tab

Information Snippets

The vulnerability (CVE-2026-1245) affects binary-parser versions prior to 2.3.0.
First reported: 21.01.2026 08:04

1 source, 1 article
Show sources
- CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04
The flaw arises from insufficient sanitization of user-supplied values in parser field names and encoding parameters.
First reported: 21.01.2026 08:04

1 source, 1 article
Show sources
- CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04
Successful exploitation could lead to arbitrary JavaScript code execution with Node.js process privileges.
First reported: 21.01.2026 08:04

1 source, 1 article
Show sources
- CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04
The vulnerability was discovered by security researcher Maor Caplan.
First reported: 21.01.2026 08:04

1 source, 1 article
Show sources
- CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04
The binary-parser library is widely used, with approximately 13,000 weekly downloads.
First reported: 21.01.2026 08:04

1 source, 1 article
Show sources
- CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution — thehackernews.com — 21.01.2026 08:04

Summary

Timeline

CVE-2026-1245: binary-parser Vulnerability Patched

Information Snippets