Vulnerability in Replicator
CVE-2026-2265
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.
EPSS: 0.001 (30.0th percentile) — read the EPSS interpretation.
Affected products
- Replicator — versions 1.0.5