{"id":"CVE-2026-26318","summary":"systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`","details":"systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.","aliases":["GHSA-5vv4-hvf7-2h46"],"modified":"2026-04-10T05:36:57.961460Z","published":"2026-02-19T19:48:55.816Z","related":["CGA-7gmh-rw28-x3x6"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26318.json","cwe_ids":["CWE-78"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26318.json"},{"type":"ADVISORY","url":"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-5vv4-hvf7-2h46"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26318"},{"type":"FIX","url":"https://github.com/sebhildebrandt/systeminformation/commit/b67d3715eec881038ccbaace2f2711419ac3e107"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sebhildebrandt/systeminformation","events":[{"introduced":"0"},{"fixed":"5a534cd62a42164e7c9a8f3699196b5d5f42b8fe"}]}],"versions":["v3.42.5","v3.42.6","v3.42.7","v3.42.8","v3.45.8","v3.45.9","v3.48.2","v3.48.3","v3.48.4","v3.51.1","v3.51.2","v3.52.0","v3.52.1","v4.0.12","v4.0.13","v4.0.14","v4.0.15","v4.0.6","v4.0.7","v4.0.9","v4.1.5","v4.1.6","v4.1.7","v4.1.8","v4.11.5","v4.11.6","v4.12.1","v4.12.2","v4.13.1","v4.13.2","v4.14.0","v4.14.10","v4.14.11","v4.14.14","v4.14.15","v4.14.3","v4.14.5","v4.14.6","v4.14.7","v4.14.9","v4.15.0","v4.15.1","v4.16.0","v4.16.1","v4.17.0","v4.17.1","v4.17.2","v4.17.3","v4.18.0","v4.18.1","v4.18.2","v4.18.3","v4.19.0","v4.19.1","v4.19.2","v4.19.3","v4.19.4","v4.2.0","v4.2.1","v4.20.0","v4.20.1","v4.21.0","v4.22.6","v4.22.7","v4.23.0","v4.23.1","v4.23.10","v4.23.2","v4.23.3","v4.23.4","v4.23.5","v4.23.6","v4.23.7","v4.23.8","v4.23.9","v4.24.0","v4.24.1","v4.25.2","v4.26.10","v4.26.11","v4.26.12","v4.26.2","v4.26.3","v4.26.4","v4.26.5","v4.26.6","v4.26.7","v4.26.8","v4.26.9","v4.27.0","v4.27.1","v4.27.10","v4.27.11","v4.27.2","v4.27.3","v4.27.4","v4.27.5","v4.27.6","v4.27.7","v4.27.8","v4.27.9","v4.28.0","v4.28.1","v4.29.0","v4.29.1","v4.29.2","v4.29.3","v4.3.0","v4.30.0","v4.30.1","v4.30.10","v4.30.11","v4.30.2","v4.30.3","v4.30.4","v4.30.5","v4.30.6","v4.30.7","v4.30.8","v4.30.9","v4.31.1","v4.31.2","v4.32.0","v4.33.0","v4.33.1","v4.33.2","v4.33.3","v4.33.4","v4.33.5","v4.33.6","v4.33.7","v4.33.8","v4.34.0","v4.34.1","v4.34.2","v4.34.3","v4.34.4","v4.34.5","v4.34.6","v4.34.7","v4.34.8","v4.34.9","v4.6.1","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.8.4","v4.9.0","v5.0.0","v5.0.1","v5.0.10","v5.0.11","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v5.1.0","v5.1.1","v5.1.2","v5.10.0","v5.10.1","v5.10.2","v5.10.3","v5.10.4","v5.10.5","v5.10.6","v5.10.7","v5.11.0","v5.11.1","v5.11.11","v5.11.12","v5.11.13","v5.11.14","v5.11.15","v5.11.16","v5.11.17","v5.11.18","v5.11.19","v5.11.2","v5.11.20","v5.11.21","v5.11.22","v5.11.23","v5.11.24","v5.11.25","v5.11.26","v5.11.3","v5.11.4","v5.11.5","v5.11.6","v5.11.7","v5.11.8","v5.12.0","v5.12.1","v5.12.10","v5.12.11","v5.12.12","v5.12.13","v5.12.14","v5.12.15","v5.12.2","v5.12.3","v5.12.4","v5.12.5","v5.12.6","v5.12.7","v5.12.8","v5.12.9","v5.13.0","v5.13.1","v5.13.2","v5.13.3","v5.13.4","v5.13.5","v5.14.0","v5.14.1","v5.14.2","v5.14.3","v5.14.4","v5.15.0","v5.15.1","v5.16.0","v5.16.1","v5.16.2","v5.16.3","v5.16.4","v5.16.5","v5.16.6","v5.16.7","v5.16.8","v5.16.9","v5.17.0","v5.17.1","v5.17.10","v5.17.11","v5.17.12","v5.17.13","v5.17.14","v5.17.15","v5.17.16","v5.17.17","v5.17.2","v5.17.3","v5.17.4","v5.17.5","v5.17.6","v5.17.7","v5.17.8","v5.17.9","v5.18.0","v5.18.1","v5.18.10","v5.18.11","v5.18.12","v5.18.13","v5.18.14","v5.18.15","v5.18.2","v5.18.3","v5.18.4","v5.18.5","v5.18.6","v5.18.7","v5.18.8","v5.18.9","v5.19.0","v5.19.1","v5.2.0","v5.2.1","v5.2.2","v5.2.3","v5.2.4","v5.2.5","v5.2.6","v5.2.7","v5.20.0","v5.21.0","v5.21.1","v5.21.10","v5.21.11","v5.21.12","v5.21.13","v5.21.14","v5.21.15","v5.21.16","v5.21.17","v5.21.18","v5.21.19","v5.21.2","v5.21.20","v5.21.21","v5.21.22","v5.21.23","v5.21.24","v5.21.25","v5.21.3","v5.21.4","v5.21.5","v5.21.6","v5.21.7","v5.21.8","v5.21.9","v5.22.0","v5.22.1","v5.22.10","v5.22.11","v5.22.2","v5.22.3","v5.22.4","v5.22.5","v5.22.6","v5.22.7","v5.22.8","v5.22.9","v5.23.0","v5.23.1","v5.23.10","v5.23.11","v5.23.12","v5.23.13","v5.23.14","v5.23.15","v5.23.16","v5.23.17","v5.23.18","v5.23.19","v5.23.2","v5.23.20","v5.23.21","v5.23.22","v5.23.23","v5.23.24","v5.23.25","v5.23.3","v5.23.4","v5.23.5","v5.23.6","v5.23.7","v5.23.8","v5.23.9","v5.24.0","v5.24.1","v5.24.2","v5.24.3","v5.24.4","v5.24.5","v5.24.6","v5.24.7","v5.24.8","v5.24.9","v5.25.0","v5.25.1","v5.25.10","v5.25.11","v5.25.2","v5.25.3","v5.25.4","v5.25.5","v5.25.6","v5.25.7","v5.25.8","v5.25.9","v5.26.0","v5.26.1","v5.26.2","v5.27.0","v5.27.1","v5.27.10","v5.27.11","v5.27.12","v5.27.13","v5.27.14","v5.27.15","v5.27.16","v5.27.17","v5.27.2","v5.27.3","v5.27.4","v5.27.5","v5.27.6","v5.27.7","v5.27.8","v5.27.9","v5.28.0","v5.28.1","v5.28.10","v5.28.2","v5.28.3","v5.28.4","v5.28.5","v5.28.6","v5.28.7","v5.28.8","v5.28.9","v5.29.0","v5.29.1","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.3.4","v5.3.5","v5.30.0","v5.30.1","v5.30.2","v5.30.3","v5.30.4","v5.30.5","v5.30.6","v5.30.7","v5.30.8","v5.4.0","v5.5.0","v5.6.0","v5.6.1","v5.6.10","v5.6.11","v5.6.12","v5.6.13","v5.6.14","v5.6.15","v5.6.16","v5.6.17","v5.6.18","v5.6.19","v5.6.2","v5.6.20","v5.6.21","v5.6.22","v5.6.3","v5.6.4","v5.6.5","v5.6.6","v5.6.7","v5.6.8","v5.6.9","v5.7.0","v5.7.1","v5.7.10","v5.7.11","v5.7.12","v5.7.13","v5.7.14","v5.7.2","v5.7.3","v5.7.4","v5.7.5","v5.7.6","v5.7.7","v5.7.8","v5.7.9","v5.8.0","v5.8.1","v5.8.2","v5.8.3","v5.8.4","v5.8.5","v5.8.6","v5.8.7","v5.8.8","v5.8.9","v5.9.0","v5.9.1","v5.9.10","v5.9.11","v5.9.12","v5.9.13","v5.9.14","v5.9.15","v5.9.16","v5.9.17","v5.9.18","v5.9.2","v5.9.3","v5.9.4","v5.9.5","v5.9.6","v5.9.7","v5.9.8","v5.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26318.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}