Critical Flaw in Popular Node.js Library 'binary-parser' Allows Code Execution

Node.js Supply Chain Risk: 'binary-parser' Library Vulnerable to RCE (CVE-2026-1245)

HIGH
January 22, 2026
4m read
Vulnerability, Supply Chain Attack, Patch Management

Related Entities

Products & Tech

Node.js, binary-parser, npm

CVE Identifiers

CVE-2026-1245
CVSS: 6.5

Full Report

Executive Summary

On January 21, 2026, the CERT Coordination Center (CERT/CC) issued an alert for CVE-2026-1245, a significant code execution vulnerability in 'binary-parser', a widely-used npm library for Node.js. The vulnerability allows an attacker to inject and execute arbitrary JavaScript code within the context of the Node.js process. The root cause is the library's failure to sanitize user input when dynamically generating parser code at runtime. This flaw represents a serious software supply chain risk, as it can be triggered in any application that uses 'binary-parser' to process data from an untrusted source. A patch has been released in version 2.3.0, and all developers using this library are advised to update immediately.


Vulnerability Details

  • CVE ID: CVE-2026-1245
  • CVSS Score: 6.5 (Medium)
  • Affected Library: binary-parser npm library versions prior to 2.3.0.
  • Description: The 'binary-parser' library improves performance by dynamically generating JavaScript source code for its parsers as a string and then compiling it using the Function constructor (new Function(...)). However, it fails to properly sanitize all user-supplied input that is incorporated into this dynamically generated code. An attacker who can control the input being parsed can inject malicious JavaScript code. This code is then executed by the Function constructor, leading to arbitrary code execution.
// Simplified conceptual example
var userInput = '});require("child_process").execSync("touch /tmp/pwned");//';
var codeString = 'return new Parser().string("message", { length: ' + userInput + ' });';

// The library effectively does this, leading to code injection
var func = new Function('Parser', codeString);
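The pattern the advisory describes, shown as an added illustration rather than binary-parser's own code: a hypothetical generator that splices a user-controlled option into JavaScript source text and compiles it with new Function, beside two hardened versions. Parser, buildUnsafe, buildValidated, buildParameterized and the injection marker are assumed names for this demonstration, not anything from the library.

```javascript
// Added illustration (not binary-parser's own code): the unsafe "build source
// text, then new Function()" pattern, beside two hardened versions.
// Parser, buildUnsafe, buildValidated, buildParameterized and the marker
// name are assumed for this demo.

// Tiny stand-in for a parser object so the generated code has something to call.
class Parser {
  constructor() { this.fields = []; }
  string(name, opts) { this.fields.push({ name, length: opts.length }); return this; }
}

// Source template: the option value is spliced straight into the program text.
function unsafeSource(lengthOpt) {
  return 'var p = new Parser(); p.string("message", { length: ' + lengthOpt + ' }); return p;';
}

// VULNERABLE: whatever is in lengthOpt is compiled as JavaScript. A value that
// closes the object literal and the statement can append arbitrary statements.
function buildUnsafe(lengthOpt) {
  const fn = new Function('Parser', unsafeSource(lengthOpt));
  return fn(Parser);
}

// HARDENED (a): strict validation before interpolation. Only a non-negative safe
// integer may enter the generated source, so no program text can be injected.
function buildValidated(lengthOpt) {
  if (typeof lengthOpt !== 'number' || !Number.isSafeInteger(lengthOpt) || lengthOpt < 0) {
    throw new TypeError('length must be a non-negative integer, got ' + JSON.stringify(lengthOpt));
  }
  const fn = new Function('Parser', unsafeSource(lengthOpt));
  return fn(Parser);
}

// HARDENED (b): never put user values into source text at all. The generated
// function receives them as ordinary arguments, so their content is data, not code.
function buildParameterized(lengthOpt) {
  const fn = new Function('Parser', 'len',
    'var p = new Parser(); p.string("message", { length: len }); return p;');
  return fn(Parser, lengthOpt);
}

// Constructed injection string: closes `{ length: ... })`, runs one extra
// (harmless) statement that sets a marker, then reopens a literal so the
// template's trailing ` });` still parses.
const INJECTED = '0 }); globalThis.__injectionMarker = true; ({ length: 0';

function demo() {
  delete globalThis.__injectionMarker;
  buildUnsafe(INJECTED);
  const unsafeRan = globalThis.__injectionMarker === true;   // true: marker was set

  delete globalThis.__injectionMarker;
  let validatedRejected = false;
  try { buildValidated(INJECTED); } catch (e) { validatedRejected = e instanceof TypeError; }

  const p = buildParameterized(INJECTED);  // the string is merely stored as a value
  const paramRan = globalThis.__injectionMarker === true;   // false: nothing executed
  return { unsafeRan, validatedRejected, paramRan, storedLength: p.fields[0].length };
}
```

Variant (b) separates code from data but does not by itself check that the value is a sensible length, so in practice the two hardening steps belong together: validate the option's type and range, and pass it to the generated function as an argument rather than as source text.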

Affected Systems

Any Node.js application that uses the 'binary-parser' npm library (versions before 2.3.0) to parse data from an untrusted source is vulnerable. This includes applications processing:

  • Network protocols
  • File formats
  • User-submitted data via APIs

Exploitation Status

A proof-of-concept is publicly available. Given the popularity of the library, it is likely that threat actors will begin scanning for and exploiting this vulnerability in public-facing applications.

Impact Assessment

This is a classic software supply chain vulnerability. A single flaw in a popular, low-level library can introduce a critical vulnerability into thousands of downstream applications. A successful exploit of CVE-2026-1245 allows an attacker to achieve Remote Code Execution (RCE) on the server running the Node.js application. This could lead to a complete server compromise, data theft, lateral movement within the network, and deployment of further malware.

Detection Methods

  1. Software Composition Analysis (SCA): The most effective way to detect this vulnerability is to use an SCA tool to scan your projects' dependencies. These tools can identify if you are using a vulnerable version of the binary-parser library.
  2. Code Review: Manually inspect package.json and package-lock.json files for the presence of binary-parser and check its version.
  3. Dynamic Analysis: In a testing environment, use fuzzing techniques to supply malformed input to parts of your application that use the library to see if you can trigger unexpected behavior, though this is less reliable than SCA.
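A small lockfile scan that implements the code-review step above, added here as an example (it is not from the advisory or any SCA product): it walks a package-lock.json object and reports every copy of binary-parser, including nested copies pulled in transitively that a glance at package.json would miss. Function names, the version comparison and the sample lockfile are constructed for this illustration; the patched version 2.3.0 is the one the advisory names.

```javascript
// Added example (not from the advisory or any SCA vendor): scan an npm lockfile
// object for binary-parser entries older than the patched 2.3.0. Supports
// lockfileVersion 1 ("dependencies" tree) and 2/3 ("packages" map). Function
// names and the sample lockfile below are constructed for illustration.

const PATCHED = '2.3.0';
const PKG = 'binary-parser';

// Compare dotted numeric versions. Pre-release tags are stripped, so
// "2.3.0-beta.1" compares equal to 2.3.0 (conservative for triage purposes).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, PATCHED) < 0;
}

// lockfileVersion 2/3: "packages" keys are paths such as "node_modules/binary-parser"
// or "node_modules/foo/node_modules/binary-parser" (nested copies count too).
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path.endsWith('node_modules/' + PKG) && meta && meta.version) {
      hits.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
    }
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" objects, walked recursively.
function scanDependenciesTree(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = prefix + 'node_modules/' + name;
    if (name === PKG && meta.version) {
      hits.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
    }
    if (meta.dependencies) scanDependenciesTree(meta.dependencies, path + '/', hits);
  }
  return hits;
}

function findBinaryParser(lock) {
  if (lock.packages) return scanPackagesMap(lock.packages);
  return scanDependenciesTree(lock.dependencies, '', []);
}

function vulnerableEntries(lock) {
  return findBinaryParser(lock).filter((h) => h.vulnerable);
}

// Constructed sample: a lockfileVersion 3 file with a patched top-level copy and a
// vulnerable nested copy brought in by a hypothetical dependency "legacy-proto".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/binary-parser': { version: '2.3.0' },
    'node_modules/legacy-proto': { version: '0.9.1', dependencies: { 'binary-parser': '^2.2.0' } },
    'node_modules/legacy-proto/node_modules/binary-parser': { version: '2.2.3' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  // Usage: node scan-lock.js [path/to/package-lock.json]; defaults to the sample above.
  const fs = require('fs');
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8')) : SAMPLE_LOCK;
  for (const h of findBinaryParser(lock)) {
    console.log((h.vulnerable ? 'VULNERABLE ' : 'ok         ') + h.version + '  ' + h.path);
  }
}
```

Run against the sample, the top-level copy reports as ok and the nested copy under legacy-proto as VULNERABLE, which is exactly the case where updating the direct dependency is not enough and the lockfile and node_modules have to be regenerated as the remediation steps describe.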

Remediation Steps

  1. Update the Library: The only remediation is to update the binary-parser library to the patched version 2.3.0 or later. This can be done by running the following command in your project directory:
    npm install binary-parser@latest
    
    Or, if using yarn:
    yarn upgrade binary-parser --latest
    
    This action directly corresponds to MITRE ATT&CK Mitigation M1051 - Update Software.
  2. Validate Dependencies: After updating, delete your node_modules directory and package-lock.json file, then run npm install again to ensure a clean installation of the patched dependency tree.
  3. Input Sanitization: As a general best practice, always treat data from external sources as untrusted and sanitize it before processing, even when using libraries that are believed to be secure.

Timeline of Events

  1. January 21, 2026: CERT/CC publishes an alert for CVE-2026-1245.
  2. January 22, 2026: This article was published.

MITRE ATT&CK Mitigations

Update the 'binary-parser' library to the patched version 2.3.0 or later.

Mapped D3FEND Techniques:

Use Software Composition Analysis (SCA) tools to proactively identify and manage vulnerabilities in open-source dependencies.

D3FEND Defensive Countermeasures

The immediate and essential action for all Node.js development teams is to address this supply chain vulnerability by updating the 'binary-parser' library. Use your package manager to upgrade to version 2.3.0 or higher across all projects. This is a critical fix because the vulnerability allows for code injection, which can be easily turned into remote code execution on your application servers. After updating the dependency in package.json, it is crucial to delete the package-lock.json file and the node_modules directory, then run a fresh npm install or yarn to ensure that the patched version is pulled in and no vulnerable sub-dependencies remain.

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

Node.js, npm, Supply Chain Attack, Vulnerability, RCE, CVE-2026-1245
