A publicly disclosed vulnerability has revealed a complete patch bypass for CVE-2026-24884, a previously remediated symlink traversal flaw residing in the widely used Node.js compressing npm library.  The new vulnerability, formally tracked as CVE-2026-40931, carries a High severity rating and enables arbitrary file writes outside the intended extraction directory, requiring zero prior system access. The original CVE-2026-24884 addressed malicious symbolic links embedded […]
The post Node.js Compression Library Vulnerable Again After CVE-2026-24884 Bypass appeared first on Cyber Security News.