OS Command Injection Vulnerability in Peer Dependencies by Christopher Thielen
CVE-2026-15033

5.3MEDIUM

Key Information:

Vendor
CVE Published:
8 July 2026

What is CVE-2026-15033?

A vulnerability has been identified in the peerDependencies component of check-peer-dependencies up to version 4.3.4, where the shelljs.exec function is susceptible to OS command injection. This weakness can allow attackers to execute arbitrary commands on the host operating system remotely. Despite early notifications from users regarding the issue, the maintainers have not yet provided a response or patch. It is crucial for users of affected versions to assess their exposure to this vulnerability.

Affected Version(s)

check-peer-dependencies 4.3.0

check-peer-dependencies 4.3.1

check-peer-dependencies 4.3.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dremig (VulDB User)
VulDB CNA Team
.