CVE-2026-27190: Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Severity: Critical

CVSS Score: 8.1

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.