CVSS 8.2 HIGH Vulnerability

CVE-2026-42353: i18next-http-middleware has path traversal / SSRF via user-controlled language and namesp…


CVSS Score: 8.2
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-42353
Vendor: npm
Affected Product: i18next-http-middleware
Vulnerability Type: Vulnerability
CVSS Score: 8.2 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary

Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.load(languages, namespaces, …) without any sanitisation. Depending on which backend is configured, the unvalidated path segments enable one of two attacks:

- Filesystem path traversal when the middleware is paired with i18next-fs-backend (or any backend that interpolates lng / ns into a filesystem path).
- Server-Side Request Forgery (SSRF) when the middleware is paired with i18next-http-backend (or any backend that interpolates into an HTTP URL).

Example request: `GET /locales/resources.json?lng=../../etc/passwd&ns=root` with `i18next-fs-backend` reads the attacker-chosen file from
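
A defensive check for the issue described above, as an added example that is not i18next-http-middleware code and not its 3.9.3 patch: it validates lng and ns against a strict token pattern and an allowlist before they can reach any backend. The function names, the allowlist values, and the assumption that both parameters carry space-separated lists are illustrative.

```javascript
// Added example; names and allowlist values are hypothetical.
// Assumption: lng and ns arrive as space-separated lists in the query string.
const SAFE_TOKEN = /^[A-Za-z0-9]+(?:[-_][A-Za-z0-9]+)*$/; // no dots, slashes, colons, %

// Hypothetical allowlist; a real app would derive it from its i18next config.
const ALLOWED = { lng: new Set(['en', 'de', 'pt-BR']), ns: new Set(['common', 'errors']) };

function checkList(name, raw, allowed) {
  // Query parsers can yield arrays or objects for repeated or bracketed keys.
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 256) {
    return { ok: false, reason: `${name}: missing or not a plain string` };
  }
  const values = raw.split(' ').filter(Boolean);
  if (values.length === 0) return { ok: false, reason: `${name}: empty list` };
  for (const v of values) {
    if (!SAFE_TOKEN.test(v)) return { ok: false, reason: `${name}: illegal characters` };
    if (!allowed.has(v)) return { ok: false, reason: `${name}: not in allowlist` };
  }
  return { ok: true, values };
}

function validateResourceQuery(query, allowed = ALLOWED) {
  const lng = checkList('lng', query.lng, allowed.lng);
  if (!lng.ok) return lng;
  const ns = checkList('ns', query.ns, allowed.ns);
  if (!ns.ok) return ns;
  return { ok: true, languages: lng.values, namespaces: ns.values };
}

// Express-style guard to mount in front of the resources route.
function guardResources(allowed = ALLOWED) {
  return (req, res, next) => {
    const result = validateResourceQuery(req.query || {}, allowed);
    if (result.ok) return next();
    res.statusCode = 400; // reject before any backend builds a path or URL
    res.end('invalid lng/ns');
  };
}

// Constructed sample queries; the first is the request quoted in the advisory.
const SAMPLES = [
  { lng: '../../etc/passwd', ns: 'root' }, // traversal characters
  { lng: 'en de', ns: 'common' },          // well-formed and allowlisted
  { lng: ['en', '../x'], ns: 'common' },   // array from a repeated parameter
  { lng: 'fr', ns: 'common' },             // well-formed but not configured
];
function runSamples() { return SAMPLES.map((q) => validateResourceQuery(q).ok); }
console.log(runSamples());
```

The guard belongs on the same route, ahead of getResourcesHandler. Because the advisory scopes the issue to versions prior to 3.9.3, it acts as a defence-in-depth layer alongside upgrading.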
