CVE-2026-10796: nvm executes commands from a malicious Node.js mirror's version strings
nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs and shell/awk commands. Two sinks are affected by the same untrusted input: nvm_download() built a curl/wget command string and ran it with `eval`, so a version field containing command substitution (for example $(id)) was executed by the local shell; and nvm_get_checksum() interpolated the version-derived download slug into an awk program, so a crafted version could execute arbitrary commands via awk's system(). An attacker who controls the configured mirror, supplies mirror content to a user or CI on a non-default mirror, or machine-in-the-middles a non-TLS mirror can therefore run arbitrary commands with the privileges of the user running nvm. The default mirror (https://nodejs.org over TLS) is not affected. Fixed on master (pending the next tagged release) by passing every argument as a literal argv element instead of using eval, by passing the value to awk as data via -v instead of interpolating it into the program, and by rejecting any version outside the Node.js/io.js version grammar before it is used.
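The three fixes described above (argv instead of eval, awk -v instead of program interpolation, and a version-grammar check), shown side by side with the pre-fix eval pattern in an added POSIX sh example that is not nvm's own code. The version grammar, mirror URL, slug layout and SHASUMS256.txt content are assumptions constructed for the demo, and the download is a dry run that prints its argv rather than fetching anything.

```sh
#!/bin/sh
# Added example (not nvm's own code): the three fixes the advisory describes,
# applied offline to constructed mirror content. Assumed version grammar:
# "v<major>.<minor>.<patch>" with an optional "iojs-" prefix; the mirror URL,
# slug layout and checksums below are constructed for the demo.
NVM_MIRROR="https://mirror.example.invalid/dist"
NL='
'

# Fix 1: reject anything outside the version grammar before it reaches a URL,
# a command line or an awk program. Empty and multi-line values are refused
# first so grep's per-line matching cannot be bypassed with a newline.
nvm_is_valid_version() {
  case "$1" in ''|*"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^(iojs-)?v[0-9]+\.[0-9]+\.[0-9]+$'
}

# Pre-fix pattern, for contrast: the command is assembled as one string and
# handed to eval, which re-parses the version field as shell code. (Dry run:
# the string prints its own argv instead of fetching anything.)
nvm_download_eval_unsafe() {
  cmd="printf '%s\\n' curl -sSL -o \"node-$1-linux-x64.tar.gz\" \"$NVM_MIRROR/$1/\""
  eval "$cmd"
}

# Fix 2: every argument is a literal argv element. Nothing re-parses the
# string, so $(...) inside a version is just bytes in a file name or URL.
nvm_download_argv() {
  nvm_is_valid_version "$1" || { printf 'refusing invalid version: %s\n' "$1" >&2; return 1; }
  slug="node-$1-linux-x64.tar.gz"
  set -- curl -sSL -o "$slug" "$NVM_MIRROR/$1/$slug"
  printf '%s\n' "$@"   # dry run; the real code would exec "$@" here
}

# Constructed SHASUMS256.txt as a mirror would serve it (hashes are made up).
SHASUMS='aaaa1111  node-v20.11.1-linux-x64.tar.gz
bbbb2222  node-v20.11.1-linux-arm64.tar.gz'

# Fix 3: hand the slug to awk as data via -v instead of splicing it into the
# program text, so it can never become awk code. Note that -v still expands
# backslash escapes in the value, one more reason the grammar check runs first.
nvm_get_checksum() {
  nvm_is_valid_version "$1" || return 1
  slug="node-$1-linux-x64.tar.gz"
  printf '%s\n' "$2" | awk -v slug="$slug" '$2 == slug { print $1; exit }'
}
```

Feeding the eval variant a version that carries a harmless `$(echo INJECTED)` marker shows the substitution landing in the file name, while the argv variant refuses the same input before building anything.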
Metrics
- CVSS v4.0: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a command injection vulnerability in nvm (Node Version Manager) versions through 0.40.4. An attacker who controls the Node.js mirror nvm is configured to use can embed shell commands inside version strings returned by that mirror's index.tab file; nvm then passes those strings unsanitized into eval and awk, executing the attacker's commands with the privileges of the local user running nvm. Successful exploitation gives the attacker full code execution on the developer's machine or CI runner. No fix version has been tagged yet; HarborGuard is tracking the upstream advisory and will make a patched-image rebuild available the moment a tagged release is published.
HarborGuard Coverage
- Detection of CVE-2026-10796 is available across every HarborGuard environment: the CVE is ingested from upstream feeds (including the openjs CNA feed) within minutes of publication and matched against customer images, including custom-built images that bundle nvm or invoke it during build stages. Status: Available.
- HarborGuard scores this finding at CVSS 7.5 HIGH and weights it against each environment's compliance policy, so teams with stricter thresholds for supply-chain or CI-touching vulnerabilities have it surfaced accordingly; routed findings land in the inbox of the team mapped to each affected workload. Status: Available.
- Because no fix version has been published yet, HarborGuard re-checks the openjs advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment the upstream tagged release appears. For customers who opt into auto-remediation, that rebuild triggers a regression run and a PR opened against affected workloads without any manual intervention. Status: Pending upstream.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the victim's nvm client over the network, either by operating the configured mirror, by serving mirror content to a user on a non-default mirror, or by intercepting traffic to a non-TLS mirror.
- Authentication: Not required
No credentials are needed; any party that can serve or intercept the mirror's index.tab response can inject malicious version strings.
- Victim interaction: Required
A developer or CI pipeline must actively run a command such as nvm install that fetches and processes the mirror's version index, making this a social-engineering or misconfiguration-targeting attack.
- Attack complexity: Detail
Exploitation requires a specific pre-condition (control of or a man-in-the-middle position on the configured mirror), so the attack is not condition-free even though the injection itself is straightforward once that position is established.
Blast Radius
- Executes arbitrary shell commands with the full privileges of the user or service account running nvm, which on a developer workstation includes access to SSH keys, credentials, and home-directory files.
- On a CI runner, reads secrets injected as environment variables (API tokens, signing keys, cloud credentials) and can exfiltrate or abuse them within the same build job.
- Writes or overwrites files accessible to the running user, enabling persistent backdoors or corruption of build artifacts before they are published.
- Crashes or corrupts the Node.js installation process, breaking downstream build and deployment pipelines.
How HarborGuard Handles This
Available on HarborGuard: because no tagged fix release exists for CVE-2026-10796 as of publication, HarborGuard monitors the openjs advisory on every ingest cycle and will surface a patched-image rebuild the moment the upstream project cuts a tagged release. In the interim, compensating controls available through HarborGuard include network-policy annotations that flag or block images configured to use non-default, non-TLS mirrors, and pipeline-gate rules that fail builds containing nvm versions at or below 0.40.4 until a fix is confirmed. For customers who opt into auto-remediation, the rebuilt image, regression run, and PR against affected workloads will be triggered automatically on first availability of the upstream fix, with no manual steps required.
- nvm-sh / nvm: ≤ 0.40.4
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N