{"id":"ROOT-APP-NPM-CVE-2026-2229","summary":"CVE-2026-2229 in @rootio/undici - Patched by Root","details":"Root has patched CVE-2026-2229 in the @rootio/undici package for Root:npm. Multiple fixed versions available.","modified":"2026-06-05T01:30:24.402857037Z","published":"2026-06-04T21:05:38Z","upstream":["CVE-2026-2229"],"database_specific":{"distro":"npm","distro_version":"","source":"Root","severity":"HIGH"},"affected":[{"package":{"name":"@rootio/undici","ecosystem":"Root:npm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.21.3-root.io.2"},{"fixed":"6.21.3-root.io.3"},{"fixed":"6.21.3-root.io.4"},{"fixed":"6.21.3-root.io.5"},{"fixed":"7.5.0-root.io.1"},{"fixed":"6.21.2-root.io.2"},{"fixed":"7.5.0-root.io.2"},{"fixed":"7.5.0-root.io.3"},{"fixed":"6.21.2-root.io.3"},{"fixed":"6.21.3-root.io.6"},{"fixed":"6.21.2-root.io.4"},{"fixed":"7.5.0-root.io.4"},{"fixed":"6.21.2-root.io.5"},{"fixed":"7.5.0-root.io.5"},{"fixed":"6.21.3-root.io.7"},{"fixed":"6.19.2-root.io.4"},{"fixed":"6.19.2-root.io.5"},{"fixed":"6.19.2-root.io.6"},{"fixed":"5.29.0-root.io.1"},{"fixed":"5.29.0-root.io.2"},{"fixed":"6.21.2-root.io.6"},{"fixed":"5.29.0-root.io.3"},{"fixed":"6.19.2-root.io.7"},{"fixed":"6.21.3-root.io.8"},{"fixed":"7.5.0-root.io.6"}]}],"database_specific":{"root_patched":true,"source":"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-2229.json","upstream_version":"7.5.0-root.io.6","all_fixed_versions":["6.21.3-root.io.2","6.21.3-root.io.3","6.21.3-root.io.4","6.21.3-root.io.5","7.5.0-root.io.1","6.21.2-root.io.2","7.5.0-root.io.2","7.5.0-root.io.3","6.21.2-root.io.3","6.21.3-root.io.6","6.21.2-root.io.4","7.5.0-root.io.4","6.21.2-root.io.5","7.5.0-root.io.5","6.21.3-root.io.7","6.19.2-root.io.4","6.19.2-root.io.5","6.19.2-root.io.6","5.29.0-root.io.1","5.29.0-root.io.2","6.21.2-root.io.6","5.29.0-root.io.3","6.19.2-root.io.7","6.21.3-root.io.8","7.5.0-root.io.6"],"total_fixed_versions":25,"root_patch_version":""}},{"package":{"name":"undici","ecosystem":"Root:npm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.21.2-aikido.6"},{"fixed":"5.29.0-aikido.3"},{"fixed":"6.19.2-aikido.7"},{"fixed":"6.21.3-aikido.8"},{"fixed":"7.5.0-aikido.6"}]}],"database_specific":{"root_patched":true,"root_patch_version":"","all_fixed_versions":["6.21.2-aikido.6","5.29.0-aikido.3","6.19.2-aikido.7","6.21.3-aikido.8","7.5.0-aikido.6"],"source":"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-2229.json","total_fixed_versions":5,"upstream_version":"7.5.0-aikido.6"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}