CVE-2026-44724
Command Injection in systeminformation Library
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-44724 is a high-severity command injection vulnerability in the systeminformation library for Linux systems, specifically in the networkInterfaces() function.
The vulnerability arises because the library sanitizes network interface names but does not sanitize NetworkManager connection profile names, which can contain shell metacharacters.
These unsanitized connection profile names are interpolated directly into shell commands executed via execSync(), allowing an attacker who can create or rename an active NetworkManager connection profile to inject and execute arbitrary shell commands with the privileges of the Node.js process.
This issue affects versions 4.17.0 through 5.31.5 of the systeminformation npm package and was fixed in version 5.31.6.
How can this vulnerability impact me? :
This vulnerability allows an attacker with local access to create or rename a NetworkManager connection profile with malicious shell commands embedded in its name.
When the networkInterfaces() function is called, these malicious commands are executed with the privileges of the Node.js process running the systeminformation library.
The impact includes potential full compromise of the affected system, unauthorized access to sensitive environment variables and process context data, and execution of arbitrary commands leading to confidentiality, integrity, and availability breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your system is running a vulnerable version of the systeminformation library (versions 4.17.0 through 5.31.5) on Linux. Specifically, you should inspect active NetworkManager connection profile names for the presence of shell metacharacters, as these unsanitized names are the root cause of the command injection.
You can use the nmcli command to list active NetworkManager connection profiles and examine their names for suspicious characters that could be used for command injection.
- Run `nmcli connection show --active` to list active connection profiles.
- Inspect the output for profile names containing shell metacharacters such as `;`, `&`, `|`, `$`, `>`, `<`, or backticks.
- If you are using the systeminformation library, calling the `networkInterfaces()` function may trigger the vulnerability if such profile names exist.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the systeminformation library to version 5.31.6 or later, where the vulnerability is fixed.
Until the upgrade is applied, avoid using or creating NetworkManager connection profiles with names containing shell metacharacters, as these can be exploited for command injection.
Additionally, consider restricting permissions to prevent untrusted users from creating or renaming NetworkManager connection profiles.