Platform
sap
Component
srm
Fixed versions
702.0.1
713.0.1
714.0.1
CVE-2026-0512 is a critical vulnerability affecting the @uipath/packager-tool-bpmn package, specifically versions up to 0.0.9. This vulnerability allows for complete system compromise, potentially granting an attacker full control over the affected machine. Due to the severity, immediate action is required to mitigate the risk. The vulnerability was publicly disclosed on 2026-05-12.
The impact of CVE-2026-0512 is severe. An attacker who successfully exploits this vulnerability can gain complete control of the system where the @uipath/packager-tool-bpmn package is installed and running. This includes the ability to access and steal sensitive data, install malware, and potentially pivot to other systems on the network. The advisory explicitly states that all secrets and keys stored on the compromised machine should be rotated immediately from a different, secure computer, as the system is considered fully compromised. The malicious code may persist even after package removal, making thorough investigation and remediation essential.
This vulnerability is considered highly critical due to the potential for full system compromise. While no public proof-of-concept (PoC) has been explicitly released, the advisory indicates that the package has been identified as containing malware. The vulnerability was disclosed on 2026-05-12. Given the nature of the compromise, it is highly likely this will be added to the CISA KEV catalog soon. Active exploitation is suspected, though confirmation is pending.
Organizations using UiPath and its related tools are at significant risk. Specifically, environments where @uipath/packager-tool-bpmn is integrated into automated processes or workflows are particularly vulnerable. Developers and DevOps teams responsible for managing package dependencies should prioritize remediation.
• nodejs: Check for the presence of the @uipath/packager-tool-bpmn package using npm list @uipath/packager-tool-bpmn. If found, investigate the installation location and associated files for suspicious activity.
• linux / server: Examine package manager logs (e.g., apt, yum) for installations of @uipath/packager-tool-bpmn from untrusted sources.
• generic web: If the package is used in a web application, monitor server logs for unusual activity or requests related to the package's functionality.
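A defender's way to run the first check above across a whole dependency tree rather than only the top level, as an added example that is not code from UiPath or the advisory: it parses an npm package-lock.json (both the lockfileVersion 1 "dependencies" layout and the lockfileVersion 2/3 "packages" layout) and reports every installed copy of @uipath/packager-tool-bpmn together with whether its version falls in the stated ≤0.0.9 range. The lockfile contents and the package name example-app-lib are constructed for the demonstration.

```python
"""Scan an npm lockfile for @uipath/packager-tool-bpmn (CVE-2026-0512).

Added example; not code from UiPath or the advisory. Handles both the
lockfileVersion 1 layout (nested "dependencies") and the lockfileVersion 2/3
layout ("packages" keyed by node_modules path), so a copy pulled in as a
transitive dependency is reported as well.
"""
import json
import re
import sys
from typing import Dict, List

AFFECTED_PACKAGE = "@uipath/packager-tool-bpmn"
# The advisory names versions up to and including 0.0.9 as affected.
LAST_AFFECTED_VERSION = "0.0.9"

# Constructed sample lockfiles (not real project data) used when no path is given.
SAMPLE_LOCK_V3 = """{
  "name": "example-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/@uipath/packager-tool-bpmn": {"version": "0.0.9"},
    "node_modules/example-app-lib": {"version": "2.3.1"},
    "node_modules/example-app-lib/node_modules/@uipath/packager-tool-bpmn": {"version": "0.1.0"}
  }
}"""

SAMPLE_LOCK_V1 = """{
  "name": "example-app", "lockfileVersion": 1,
  "dependencies": {
    "example-app-lib": {
      "version": "2.3.1",
      "dependencies": {
        "@uipath/packager-tool-bpmn": {"version": "0.0.3"}
      }
    }
  }
}"""


def parse_version(version: str) -> tuple:
    """Numeric dotted prefix of a version string as a tuple of ints.

    Pre-release/build suffixes (e.g. "0.0.9-beta.1") are ignored for the
    comparison; an unparsable string sorts as (0,) so it is reported as
    affected rather than silently skipped.
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        return (0,)
    return tuple(int(part) for part in match.group(0).split("."))


def is_affected_version(version: str) -> bool:
    """True when the version is within the advisory's affected range (<= 0.0.9)."""
    return parse_version(version) <= parse_version(LAST_AFFECTED_VERSION)


def find_package(lock_json: str) -> List[Dict[str, object]]:
    """Return every installed copy of the package: lockfile path, version and
    whether that version is in the affected range."""
    lock = json.loads(lock_json)
    found: List[Dict[str, object]] = []

    if "packages" in lock:
        # lockfileVersion 2/3: keys are node_modules paths, nested copies look like
        # "node_modules/<parent>/node_modules/@uipath/packager-tool-bpmn".
        for path, meta in lock["packages"].items():
            if path.endswith("node_modules/" + AFFECTED_PACKAGE):
                found.append({"path": path, "version": meta.get("version", "")})
    else:
        # lockfileVersion 1: recurse through nested "dependencies" objects.
        def walk(deps: Dict[str, dict], prefix: str) -> None:
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                if name == AFFECTED_PACKAGE:
                    found.append({"path": path, "version": meta.get("version", "")})
                walk(meta.get("dependencies", {}), path + "/")

        walk(lock.get("dependencies", {}), "")

    for entry in found:
        entry["affected"] = is_affected_version(str(entry["version"]))
    return found


def main(argv: List[str]) -> int:
    """Scan the lockfile given as argv[1]; with no argument, scan the constructed
    samples. Exit status 1 when an affected copy is found, so CI can gate on it."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            sources = {argv[1]: fh.read()}
    else:
        sources = {"<sample v3>": SAMPLE_LOCK_V3, "<sample v1>": SAMPLE_LOCK_V1}
    affected_found = False
    for label, text in sources.items():
        entries = find_package(text)
        if not entries:
            print(f"{label}: {AFFECTED_PACKAGE} not present")
        for entry in entries:
            flag = "AFFECTED (CVE-2026-0512)" if entry["affected"] else "outside stated range"
            print(f"{label}: {entry['path']} {entry['version']} {flag}")
            affected_found = affected_found or bool(entry["affected"])
    return 1 if affected_found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan_lock.py path/to/package-lock.json` in each repository or build image; a non-zero exit makes it usable as a CI gate. Any copy it reports should be handled as the advisory describes (removal from a clean system plus secret rotation), since the concern is the package itself rather than a particular code path.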
disclosure
Exploit status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-0512 is to immediately remove the vulnerable @uipath/packager-tool-bpmn package from all affected systems. Due to the high severity and potential for persistent compromise, simply updating is not sufficient. After removal, it is crucial to rotate all secrets and keys stored on the affected machine from a clean, trusted system. Consider performing a full system wipe and rebuild to ensure complete eradication of any malicious components. There are no specific WAF or proxy rules that can effectively mitigate this vulnerability, as it resides within the package itself.
Apply SAP security patch 3645228 to mitigate the XSS vulnerability in the SICF handler of the SRM catalog. Check the SAP documentation for detailed instructions on applying the patch and on possible service interruptions. Consult the SAP security notes for additional information and updates.
CVE-2026-0512 is a critical vulnerability in the @uipath/packager-tool-bpmn package (versions ≤0.0.9) that allows for full system compromise, potentially granting an attacker complete control over the affected machine.
If you are using @uipath/packager-tool-bpmn version 0.0.9 or earlier, you are affected by this vulnerability and must take immediate action to remove the package.
The recommended fix is to immediately remove the vulnerable package and rotate all secrets and keys stored on the affected machine. A full system wipe and rebuild is also recommended.
While no public PoC has been released, the advisory indicates the package contains malware, suggesting active exploitation is likely.
Refer to the UiPath security advisory for details and further guidance on mitigating this vulnerability.