Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Root Sanitize HTML Package Security Patch
ROOT-APP-NPM-CVE-2026-44990
Summary
A security patch has been released for the @rootio/sanitize-html package used by Root. This update addresses a security issue that could potentially allow malicious code to be executed. To ensure security, update to the latest version of the package.
What to do
- Update rootio @rootio/sanitize-html to version 2.17.2-root.io.1.
- Update rootio @rootio/sanitize-html to version 2.12.1-root.io.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/sanitize-html |
< 2.17.2-root.io.1 < 2.12.1-root.io.1 Fix: upgrade to 2.17.2-root.io.1
|
Original title
CVE-2026-44990 in @rootio/sanitize-html - Patched by Root
Original description
Root has patched CVE-2026-44990 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.3
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 15 May 2026