Cyber Posture

CVE-2026-27190

High · Public PoC · RCE

Published: 20 February 2026

Modified: 02 March 2026
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0091 (76.0th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27190 is a high-severity OS Command Injection (CWE-78) vulnerability in Deno. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 24.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly requires timely remediation of the command injection flaw in Deno's node:child_process by upgrading to version 2.6.8 or later.

Detect: Vulnerability scanning identifies systems running vulnerable Deno versions prior to 2.6.8 affected by this CVE.

Prevent: Restricts execution and deployment of unapproved vulnerable Deno versions, limiting exposure to the command injection vulnerability.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Command injection vulnerability in Deno's child_process enables remote exploitation of public-facing applications (T1190) for arbitrary OS command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.

Deeper analysis · AI

CVE-2026-27190 is a command injection vulnerability (CWE-78) in the node:child_process implementation of Deno, a runtime for JavaScript, TypeScript, and WebAssembly. The issue affects Deno versions prior to 2.6.8, as disclosed on February 20, 2026, with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential high impacts on confidentiality, integrity, and availability.

Attackers can exploit this vulnerability remotely over the network without privileges or user interaction, though it requires high attack complexity. Successful exploitation enables command injection, allowing attackers to execute arbitrary commands on the host system, potentially leading to full remote code execution, data compromise, or system disruption within the Deno runtime environment.

Deno's security advisory (GHSA-hmh4-3xvx-q5hr) and release notes confirm the vulnerability is fixed in version 2.6.8. Mitigation involves upgrading to Deno 2.6.8 or later, with the specific patch detailed in commit 9132ad958c83a0d0b199de12b69b877f63edab4c available on the project's GitHub repository.

Details

CWE(s)

Affected Products

deno
deno
≤ 2.6.8

CVEs Like This One

CVE-2026-32260 (same product: Deno Deno)
CVE-2026-22863 (same product: Deno Deno)
CVE-2026-22864 (same product: Deno Deno)
CVE-2025-61787 (same product: Deno Deno)
CVE-2025-0680 (shared CWE-78)
CVE-2025-23316 (shared CWE-78)
CVE-2025-11900 (shared CWE-78)
CVE-2026-25108 (shared CWE-78)
CVE-2025-50197 (shared CWE-78)
CVE-2026-0980 (shared CWE-78)
