Tag
A high-severity OS command injection vulnerability, CVE-2026-50289, exists in the `systeminformation` Node.js library on Linux systems, allowing an attacker who can manipulate `interfaces(5)` configuration files to execute arbitrary commands with the privileges of the calling Node.js process by injecting shell metacharacters into `source` directive paths, which are then unsafely interpolated into an `execSync()` command within the `networkInterfaces()` function.