CVE-2026-45222: Nodejs Missing File Chmod Before Write
Writing to an existing sensitive config file without restricting its permissions beforehand can leave it world-readable if it was previously created with permissive permissions. Tighten permissions using `fs.chmod(file, 0o600)` before rewriting the file.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2026-45222-nodejs-missing-file-chmod-before-write --engine opengrepDescription
Writing to an existing sensitive config file without restricting its permissions beforehand can leave it world-readable if it was previously created with permissive permissions. Tighten permissions using `fs.chmod(file, 0o600)` before rewriting the file.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0