CVE-2026-24910 Overview
CVE-2026-24910 is a trust validation bypass vulnerability in Bun, a fast JavaScript runtime and package manager. The vulnerability allows attackers to spoof the default trusted dependencies list (trust allow list) by creating non-npm packages with matching names. This affects file, link, git, or github package sources, potentially enabling malicious code to execute under the guise of trusted dependencies.
Critical Impact
Attackers can bypass Bun's trust mechanism to execute malicious lifecycle scripts by spoofing trusted package names through alternative package sources, potentially compromising build pipelines and development environments.
Affected Products
- Bun versions prior to 1.3.5
- Development environments using Bun package manager with trusted dependencies
- CI/CD pipelines leveraging Bun for JavaScript/TypeScript builds
Discovery Timeline
- 2026-01-27 - CVE CVE-2026-24910 published to NVD
- 2026-01-29 - Last updated in NVD database
Technical Details for CVE-2026-24910
Vulnerability Analysis
This vulnerability stems from insufficient validation of package source types when checking against the trusted dependencies allow list (CWE-348: Use of Less Trusted Source). Bun maintains a default list of trusted packages that are permitted to run lifecycle scripts during installation. However, the trust verification mechanism fails to properly distinguish between npm registry packages and packages sourced from file paths, symbolic links, git repositories, or GitHub URLs.
When a package is installed, Bun checks if the package name appears on the trusted list. The flaw occurs because this check only validates the package name without verifying the package source origin. An attacker can create a malicious package with the same name as a trusted dependency but distribute it through an alternative source (file, link, git, or github). Since the name matches the allow list, Bun grants the malicious package the same trust privileges as the legitimate npm package, allowing its lifecycle scripts to execute.
Root Cause
The root cause is improper validation in Bun's trust verification system (CWE-348). The trusted dependencies list check compares only package names without considering the package source type or origin. This design assumes all packages with matching names are equivalent, regardless of their distribution channel, creating a name collision vulnerability that can be exploited for trust spoofing.
Attack Vector
The attack requires local access and involves the following scenario: An attacker with the ability to influence a project's package.json or dependency resolution can introduce a malicious package using a file path, symlink, git URL, or GitHub reference. By naming this package identically to one on Bun's trusted dependencies list, the attacker bypasses the trust verification mechanism. When the package is installed, Bun's lifecycle script execution protections are circumvented, allowing arbitrary code execution during the install phase.
The attack complexity is high as it requires the attacker to influence dependency resolution or have write access to project configuration files. However, in supply chain attack scenarios targeting shared development environments or compromised repositories, this vulnerability presents a significant integrity risk.
Detection Methods for CVE-2026-24910
Indicators of Compromise
- Unexpected packages installed from file, link, git, or github sources with names matching known trusted packages
- Unusual lifecycle script execution during bun install operations
- Package.json entries referencing local paths or git URLs for commonly trusted npm packages
- Discrepancies between expected npm registry packages and actual installed package sources
Detection Strategies
- Audit package.json and lockfiles for dependencies using file, link, git, or github protocols that match trusted package names
- Implement package source verification in CI/CD pipelines to flag non-npm sources for trusted dependency names
- Monitor bun.lockb or package lockfiles for unexpected source changes on known packages
- Use SentinelOne's behavioral detection to identify suspicious script execution during package installation
Monitoring Recommendations
- Enable verbose logging for Bun package installations to track package source origins
- Implement file integrity monitoring on project configuration files (package.json, bun.lockb)
- Deploy runtime protection to detect and block unexpected child process spawning during build operations
- Review development environment activity logs for anomalous package installation patterns
How to Mitigate CVE-2026-24910
Immediate Actions Required
- Upgrade Bun to version 1.3.5 or later immediately
- Audit all existing projects for dependencies using file, link, git, or github sources
- Review and verify the legitimacy of any non-npm packages with names matching trusted dependencies
- Temporarily disable lifecycle script execution using --ignore-scripts flag until patched
Patch Information
The vulnerability has been addressed in Bun version 1.3.5. The fix implements proper source validation when checking packages against the trusted dependencies list, ensuring that only packages from the npm registry are granted trust privileges based on the allow list. Users should update immediately by running their preferred update mechanism.
For detailed information about the fix, see the Bun v1.3.5 Release Notes. Additional context on this vulnerability as part of a broader set of JavaScript package manager issues is available in the Koi.ai security research blog.
Workarounds
- Use the --ignore-scripts flag during package installation to prevent lifecycle script execution
- Manually specify trusted packages using explicit npm registry URLs rather than relying on name matching
- Implement a pre-install hook to validate package sources before installation proceeds
- Restrict write access to package.json and lockfiles in shared development environments
# Configuration example
# Install packages with lifecycle scripts disabled
bun install --ignore-scripts
# Verify Bun version after upgrade
bun --version
# Expected output: 1.3.5 or higher
# Audit installed packages for non-npm sources
grep -E '"(file|link|git|github):' package.json
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
