Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Fast XML Parser Allows Unrestricted Code Execution
ROOT-APP-NPM-CVE-2026-27942
Summary
The Fast XML Parser library may allow an attacker to inject malicious code, which could potentially execute arbitrary commands. This affects users who rely on the library to parse XML data. Update to the latest version to ensure security.
What to do
- Update rootio @rootio/fast-xml-parser to version 4.4.1-root.io.6.
- Update rootio @rootio/fast-xml-parser to version 5.3.6-root.io.3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/fast-xml-parser | <= 4.4.1-root.io.6 | 4.4.1-root.io.6 |
| rootio | @rootio/fast-xml-parser | <= 5.3.6-root.io.3 | 5.3.6-root.io.3 |
Original title
CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root
Original description
Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 29 Mar 2026