CVE-2026-40931 | node-modules compressing up to 1.10.4/2.1.0 Symbolic Links link following (GHSA-4c3q-x735-j3r5)

A vulnerability was found in node-modules compressing up to 1.10.4/2.1.0. It has been classified as critical. Affected by this issue is some unknown functionality of the component Symbolic Links Handler. Performing a manipulation results in link following.

This vulnerability is known as CVE-2026-40931. Attacking locally is a requirement. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More