REPRO-2026-00104 HIGH RCE Verified

systeminformation: Command Injection via WiFi Interface Parameter

systeminformation (npm) Feb 19, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 19m 36s

Tool calls 107

Affected < 5.30.8

Fixed in 5.30.8

What's the vulnerability?

A command injection vulnerability in the wifiNetworks() function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00104

or pruva-verify GHSA-9c88-49p5-5ggf

or pruva-verify CVE-2026-26280

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00104/artifacts/repro/reproduction_steps.sh

Make executable

chmod +x reproduction_steps.sh

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

repro/rca_report.md6.3 KB

repro/reproduction_steps.sh5.3 KB

bundle/ticket.md1.9 KB

bundle/source.json4.0 KB

bundle/ticket.json6.4 KB

logs/variant_analysis.log1.3 KB

logs/variant_fixed.log0.7 KB

logs/variant_vuln.log0.7 KB

logs/vulnerable_code.log0.5 KB

logs/repro_output.log0.6 KB