{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T08:41:23.238","vulnerabilities":[{"cve":{"id":"CVE-2026-2265","sourceIdentifier":"cret@cert.org","published":"2026-04-01T17:28:38.410","lastModified":"2026-04-03T16:11:11.357","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"references":[{"url":"https://github.com/inikulin/replicator","source":"cret@cert.org"},{"url":"https://github.com/inikulin/replicator/pull/19","source":"cret@cert.org"},{"url":"https://morielharush.github.io/2026/03/31/cve-2026-2265-replicator-deserialization-of-untrusted-data/","source":"cret@cert.org"}]}}]}