CVE-2026-13760 | AWS CDK up to 2.259.x package.json os command injection (GHSA-vcrf-j523-4mrf)
A vulnerability identified as critical has been detected in AWS CDK up to 2.259.x. Affected is an unknown function of the file package.json. The manipulation leads to os command injection.
This vulnerability is documented as CVE-2026-13760. The attack needs to be performed locally. There is not any exploit available.
You should upgrade the affected component.VulDB Recent EntriesRead More