cvedb.io
CVE-2026-1245
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-01-20T19:15:50.573 · Last modified 2026-06-17T10:15:23.183

Summary

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.

Affected products

keichi — binary-parser

Does this affect you?

Add your gear to cvedb and we'll alert you only when keichi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.