Description
It is possible to execute arbitrary code with crafted templates
Recommendation
Update the liquidjs package to the latest compatible version. Followings are version details:
- Affected version(s): < 10.26.0
- Patched version(s): 10.26.0
References
Related Issues
- FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass - CVE-2026-43947
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - CVE-2026-41679
- Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages - CVE-2025-59417
You might also like:
- Tags:
- npm
- liquidjs
Anything's wrong? Let us know Last updated on May 27, 2026


