CVE-2026-44594 | Severity: HIGH | CNA: GitHub_M

CVE-2026-44594: esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

esm.sh is a no-build content delivery network (CDN) for web development. In versions 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package whose browser field causes the server to read and return arbitrary files from the host filesystem when it builds that package.

HarborGuard Analysis

Synopsis

A path traversal (Local File Inclusion) vulnerability exists in esm.sh, a no-build CDN for web development, in versions 137 and earlier. The flaw is reachable over the network with no authentication required: an attacker publishes a crafted npm package whose package.json browser field points outside the package directory, and when the server's esbuild plugin builds that package it follows the mapping and reads arbitrary files from the host filesystem. Successful exploitation gives the attacker read access to any file the server process can reach, including configuration files, secrets, and other sensitive data; the impact is to confidentiality only, as the CVSS vector records no integrity or availability impact. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is published.
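The mechanism the synopsis describes, shown as an added illustration in Go (the language esm.sh is written in). This is not esm.sh's own code: it pairs a small browser-field parser with the unconfined resolve pattern that lets "../" segments walk out of the package directory, and with a hardened resolver that rejects any target not under the package root. The package.json is constructed for the example, the directory layout under /srv/esm/npm is assumed, and the vulnerable function is a representative pattern rather than a reproduction of the actual esm.sh plugin.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// ErrEscapesPackage is returned when a browser-field target resolves outside
// the package directory.
var ErrEscapesPackage = errors.New("browser field target escapes package directory")

// Constructed sample package.json (not a real package): one legitimate
// in-package shim, one module disabled with `false`, and one traversal
// payload of the kind the advisory describes.
const sampleManifest = `{
  "name": "example-pkg",
  "version": "1.0.0",
  "browser": {
    "./lib/impl.js": "./lib/browser-shim.js",
    "fs": false,
    "./lib/node-only.js": "../../../../etc/passwd"
  }
}`

// ParseBrowserField returns the browser-field mapping as specifier -> target.
// A `false` value (module replaced by an empty stub) is kept as an empty
// target; the bare string form ("browser": "./x.js") maps "." to that file.
func ParseBrowserField(manifest []byte) (map[string]string, error) {
	var meta struct {
		Browser json.RawMessage `json:"browser"`
	}
	if err := json.Unmarshal(manifest, &meta); err != nil {
		return nil, err
	}
	out := map[string]string{}
	if len(meta.Browser) == 0 {
		return out, nil
	}
	var single string
	if err := json.Unmarshal(meta.Browser, &single); err == nil {
		out["."] = single
		return out, nil
	}
	var obj map[string]interface{}
	if err := json.Unmarshal(meta.Browser, &obj); err != nil {
		return nil, fmt.Errorf("unsupported browser field: %w", err)
	}
	for spec, v := range obj {
		switch t := v.(type) {
		case string:
			out[spec] = t
		case bool:
			if !t {
				out[spec] = ""
			}
		default:
			return nil, fmt.Errorf("unsupported browser entry for %q", spec)
		}
	}
	return out, nil
}

// ResolveUnchecked is the vulnerable pattern: the target is joined onto the
// package directory and used as-is, so "../" segments walk out of it.
func ResolveUnchecked(pkgDir, target string) string {
	return filepath.Join(pkgDir, target)
}

// ResolveConfined is the hardened form: after joining, the result must still
// lie inside pkgDir. The check is lexical; before actually reading the file,
// also apply filepath.EvalSymlinks to both paths and repeat the comparison.
func ResolveConfined(pkgDir, target string) (string, error) {
	root := filepath.Clean(pkgDir)
	candidate := filepath.Join(root, target)
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesPackage
	}
	return candidate, nil
}

// AuditBrowserField resolves every mapping with the confined resolver and
// returns, sorted, the specifiers whose targets were rejected.
func AuditBrowserField(pkgDir string, mapping map[string]string) []string {
	var rejected []string
	for spec, target := range mapping {
		if target == "" { // `false` entries become an empty stub; nothing to resolve
			continue
		}
		if _, err := ResolveConfined(pkgDir, target); err != nil {
			rejected = append(rejected, spec)
		}
	}
	sort.Strings(rejected)
	return rejected
}

func main() {
	pkgDir := "/srv/esm/npm/example-pkg" // assumed layout, not esm.sh's real one
	mapping, err := ParseBrowserField([]byte(sampleManifest))
	if err != nil {
		panic(err)
	}
	for spec, target := range mapping {
		if target != "" {
			fmt.Printf("%-22s unchecked -> %s\n", spec, ResolveUnchecked(pkgDir, target))
		}
	}
	fmt.Println("rejected by confined resolver:", AuditBrowserField(pkgDir, mapping))
}
```

With the constructed manifest, the unchecked resolver turns "../../../../etc/passwd" into /etc/passwd, which is exactly the file read the advisory describes, while the confined resolver rejects that entry and accepts the in-package shim. The lexical check alone is not sufficient once real files are involved: a symlink inside an unpacked package can point outside it, so the symlink-resolved path must pass the same test.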

HarborGuard Coverage

Detection: Available

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle esm.sh. Any image carrying an affected version of esm-dev/esm.sh (137 or earlier) is flagged automatically.

Triage: Available

HarborGuard scores this finding at CVSS v3.1 base score 7.5 (HIGH) and weights it against each environment's compliance policy to determine urgency. Triage routing is available to direct the finding to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Pending upstream

Because no upstream fix version has been published for this CVE, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream maintainers ship a remediated release. In the interim, compensating-control recommendations (described below) are surfaced alongside the finding.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the esm.sh service over the network (AV:N); the file read happens when the server fetches and builds the attacker's package.

  • Authentication: Not required

    No account or credential on the target server is needed (PR:N). Publishing the crafted package to the npm registry needs only an ordinary npm publisher account, not any access to the esm.sh instance.

  • Victim interaction: Not required

    No action by any user is required (UI:N); the server processes the malicious package automatically as part of its build pipeline.

  • Attack complexity: Low

    Attack complexity is low (AC:L): the exploit needs no special timing, race condition, or environment-specific precondition beyond publishing a crafted package.

Blast Radius

  • The attacker reads arbitrary files from the host filesystem that the server process has permission to access, including private keys, API credentials, and .env files. On Linux this also covers the process's own environment via /proc/self/environ, so secrets injected as environment variables are within reach as well.
  • Configuration files such as database connection strings or cloud provider credentials stored on the host can be exfiltrated.
  • Any secrets injected into the container at runtime (e.g., Kubernetes secrets mounted as volumes or .env files) are exposed if they exist on the filesystem.
  • The impact is confined to confidentiality (C:H, I:N, A:N, S:U): the advisory describes file reads only, not file writes or code execution.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been released, HarborGuard continuously re-checks the esm.sh advisory on every ingest cycle and will surface a patched-image rebuild the moment a remediated version is published. For customers with auto-remediation enabled, the rebuild, regression-test run, and a PR against affected workloads are initiated automatically at that point, with no manual intervention needed. Until a fix is available, HarborGuard recommends compensating controls that shrink what a file read from inside the build can reach: run esm.sh as an unprivileged user in a container with a minimal, read-only root filesystem and a dedicated writable directory for its package cache; do not bind-mount host paths or deliver secrets as files inside that container (and bear in mind that environment-injected secrets remain readable through /proc/self/environ on Linux); and consider routing the instance's outbound registry traffic through an egress filter that can block fetches of packages from untrusted or newly published namespaces. These compensating-control notes are surfaced inline on the finding for each affected image.


Metrics

CVSS v3.1 score: 7.5 (HIGH)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed in: no fixed release published (pending upstream)
Affected products: 1
Affected packages:
  • esm-dev / esm.sh <= 137