lodash for Root:npm allows arbitrary code execution

ROOT-APP-NPM-CVE-2026-4800
Summary

Root's npm build of the lodash library, @rootio/lodash, has been patched to prevent malicious code from being executed. This library is used by various Root applications, so update to the latest version of @rootio/lodash to fix this issue and keep your systems secure.

What to do
  • Update rootio @rootio/lodash to version 4.17.21-root.io.2.
  • Update rootio @rootio/lodash to version 4.17.20-root.io.2.
Affected software
Vendor | Product        | Affected versions    | Fix available
rootio | @rootio/lodash | <= 4.17.21-root.io.2 | 4.17.21-root.io.2
rootio | @rootio/lodash | <= 4.17.20-root.io.2 | 4.17.20-root.io.2
Original title
CVE-2026-4800 in @rootio/lodash - Patched by Root
Original description
Root has patched CVE-2026-4800 in the @rootio/lodash package for Root:npm. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 6 Apr 2026