Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Root:npm protobufjs Data Tampering Risk
ROOT-APP-NPM-CVE-2026-41242
Summary
The @rootio/protobufjs package in Root:npm has a data tampering risk. This means that an attacker could manipulate data to deceive users. Root has released a patch to fix this issue, and you should update to the latest version of the package.
What to do
- Update rootio @rootio/protobufjs to version 7.4.0-root.io.2.
- Update rootio @rootio/protobufjs to version 7.5.4-root.io.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/protobufjs |
< 7.4.0-root.io.2 < 7.5.4-root.io.2 Fix: upgrade to 7.4.0-root.io.2
|
Original title
CVE-2026-41242 in @rootio/protobufjs - Patched by Root
Original description
Root has patched CVE-2026-41242 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.8
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 15 May 2026