CVE-2026-2265

MEDIUM 6.5

Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.

Vendor	replicator
Product	replicator
Published	Apr 1, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for replicator replicator

Be the first to know when new medium vulnerabilities affecting replicator replicator are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Replicator / Replicator

1.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/inikulin/replicator github.com: https://github.com/inikulin/replicator/pull/19 morielharush.github.io: https://morielharush.github.io/2026/03/31/cve-2026-2265-replicator-deserialization-of-untrusted-data/