Root has patched CVE-2026-35209 in the @rootio/defu package for Root:npm. Multiple fixed versions available.
{ "distro_version": "", "distro": "npm", "source": "Root", "severity": "HIGH" }
2.0
""
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-35209.json"
true
"6.1.4-root.io.2"
[ "6.1.4-root.io.1", "6.1.4-root.io.2" ]
1.0
[ "6.1.4-aikido.2" ]
"6.1.4-aikido.2"