Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Root npm Package @rootio/tar: Uncontrolled Resource Consumption
ROOT-APP-NPM-CVE-2026-23950
Summary
A bug in the @rootio/tar package for Root's npm could cause a malicious actor to consume excessive system resources, potentially leading to a denial of service. This issue has been fixed in a recent update, and users are advised to upgrade to a patched version to prevent this risk.
What to do
- Update rootio @rootio/tar to version 6.2.1-root.io.5.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/tar | <= 6.2.1-root.io.5 | 6.2.1-root.io.5 |
Original title
CVE-2026-23950 in @rootio/tar - Patched by Root
Original description
Root has patched CVE-2026-23950 in the @rootio/tar package for Root:npm. Multiple fixed versions available.
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026