Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Minimatch Package Allows Unauthorized File Access
ROOT-APP-NPM-CVE-2026-27904
Summary
The minimatch package, used by Root:npm, had a security flaw that could have allowed unauthorized access to files. This was fixed by Root, and users should update to the latest version to protect their systems.
What to do
- Update rootio @rootio/minimatch to version 5.1.0-root.io.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/minimatch | <= 5.1.0-root.io.2 | 5.1.0-root.io.2 |
Original title
CVE-2026-27904 in @rootio/minimatch - Patched by Root
Original description
Root has patched CVE-2026-27904 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available.
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026