
Fedora 42 yarnpkg Critical Code Execution Fix FEDORA-2026-7a6943e57d

April 12, 2026
Critical update for Yarn Package in Fedora 42 addresses security risks associated with arbitrary code execution.

Summary

Fast, reliable, and secure dependency management.

Update Information:

Refresh vendor bundle, fixes CVE-2026-4800.

Change Log

* Thu Apr 2 2026 Sandro Mani - 1.22.22-18
- Add yarn-jsyaml4.patch
- Refresh vendor bundle, fixes CVE-2026-4800

References


[1] Bug #2454058 - CVE-2026-4800 yarnpkg: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
    https://bugzilla.redhat.com/show_bug.cgi?id=2454058

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7a6943e57d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: yarnpkg
Product: Fedora 42
Version: 1.22.22
Release: 18.fc42
Summary: Fast, reliable, and secure dependency management.
