CVE-2026-44728

EUVD-2026-31946
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
babelbabel
7.12.0 ≤
𝑥
< 7.29.4
babelbabel
8.0.0:alpha0
babelbabel
8.0.0:alpha1
babelbabel
8.0.0:alpha10
babelbabel
8.0.0:alpha11
babelbabel
8.0.0:alpha12
babelbabel
8.0.0:alpha2
babelbabel
8.0.0:alpha3
babelbabel
8.0.0:alpha4
babelbabel
8.0.0:alpha5
babelbabel
8.0.0:alpha6
babelbabel
8.0.0:alpha7
babelbabel
8.0.0:alpha8
babelbabel
8.0.0:alpha9
𝑥
= Vulnerable software versions