JustAppSec

Deno command injection in node:child_process bypasses permission sandbox

Published 13 Mar 2026. Source: CVE Project (cvelistV5)

TL;DR - Patch Deno and rip shell: true out of any code path that touches untrusted input. This bug runs OS commands outside Deno's permission sandbox.

What happened

Deno is the secure JavaScript and TypeScript runtime whose whole brand is the permission-based sandbox. The new CVE undermines that: calling spawn() or spawnSync() from node:child_process with shell: true and attacker-controlled arguments results in command injection. This is a bypass of the earlier fix for CVE-2026-27190.

The root cause is a quoting-priority bug in transformDenoShellCommand. Arguments containing $VAR get wrapped in double quotes, but in POSIX sh double quotes only suppress word splitting and globbing; $, backtick and backslash stay active, so backtick command substitution still runs. The sandbox sees a tame-looking string. The shell sees a substitution.

All the attacker needs is --allow-run.

Who is impacted

  • Deno v2.7.0 and v2.7.1 (range: >= 2.7.0, < 2.7.2).
  • Applications passing user-controlled arguments to spawn() / spawnSync() with shell: true.
  • Only --allow-run is required for exploitation.

What to do now

  • Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
  • If running vulnerable versions temporarily:
    • Avoid shell: true (use default shell: false).
    • Do not pass untrusted input into process-spawn arguments.
    • Review code paths calling node:child_process from untrusted sources (web requests, job payloads, message queues).
