A critical vulnerability (CVE-2026-45618) was discovered in the Liquidjs template engine, which is widely used by JavaScript developers. This flaw allows attackers to achieve remote code execution, posing a significant risk to over 7.3 million projects. The vulnerability originates from an input validation issue, enabling unauthorized execution of system commands. To mitigate this risk, users are advised to update to version 10.27.0 if they are using Liquidjs version 10.25.7 or earlier. Security teams should act promptly to secure their environments.
Critical Liquidjs Flaw (CVE-2026-45618) Lets Attackers Run Code
CyberSIXT Evidence Panel
Article by CyberSIXT