PT-2026-20786 · Node.Js+1

Tygo-Van-Den-Hurk · Published 2026-02-18 · Updated 2026-03-02 · CVE-2026-26974

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Slyde versions 0.0.4 and below

Description
Slyde is a program used to create animated presentations from XML. A remote code execution issue exists because Node.js automatically imports **/*.plugin.{js,mjs} files, including those inside node_modules. This allows any malicious package containing a .plugin.js file to execute arbitrary code when installed or required. All projects utilizing this loading behavior are affected, particularly those installing packages from untrusted sources.

Recommendations
Upgrade to version 0.0.5 or later. Audit and restrict which packages are installed in node_modules.
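
One way to carry out the audit recommended above, as an added example (not Slyde's or the advisory's own code): list every file whose name matches the *.plugin.js / *.plugin.mjs pattern, together with the package that ships it. The names `findPluginFiles` and `owningPackage` and the sample package names are hypothetical, and the sample tree is constructed.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const PLUGIN_RE = /\.plugin\.m?js$/; // file-name part of **/*.plugin.{js,mjs}

// Package that owns a root-relative path: "pkg", "@scope/pkg", or null
// when the file is outside node_modules (the project's own plugin).
function owningPackage(relPath) {
  const parts = relPath.split(path.sep);
  const i = parts.lastIndexOf('node_modules');
  if (i === -1 || i + 2 >= parts.length) return null;
  const first = parts[i + 1];
  return first.startsWith('@') ? `${first}/${parts[i + 2]}` : first;
}

// Iterative walk; symlinked directories are not followed.
function findPluginFiles(root) {
  const hits = [];
  const stack = [root];
  while (stack.length) {
    const dir = stack.pop();
    let entries;
    try { entries = fs.readdirSync(dir, { withFileTypes: true }); }
    catch { continue; } // unreadable or missing directory
    for (const e of entries) {
      const full = path.join(dir, e.name);
      if (e.isDirectory()) { stack.push(full); continue; }
      if (!e.isFile() || !PLUGIN_RE.test(e.name)) continue;
      const rel = path.relative(root, full);
      hits.push({ file: rel.split(path.sep).join('/'), package: owningPackage(rel) });
    }
  }
  return hits.sort((a, b) => (a.file < b.file ? -1 : 1));
}

// Constructed sample tree (not from the advisory) so the audit runs offline.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'plugin-audit-'));
  for (const f of ['slides/title.plugin.js', 'node_modules/left-lib/index.js',
    'node_modules/unvetted-pkg/x.plugin.js', 'node_modules/@acme/ui/dist/y.plugin.mjs']) {
    const p = path.join(root, ...f.split('/'));
    fs.mkdirSync(path.dirname(p), { recursive: true });
    fs.writeFileSync(p, '// placeholder\n');
  }
  return root;
}

const root = process.argv[2] || buildSampleTree();
for (const h of findPluginFiles(root)) console.log(h.package ? 'REVIEW' : 'own', h.file, h.package ?? '');
```

Pass the project root as the first argument; lines marked REVIEW are plugin-pattern files shipped by installed packages rather than by the project itself.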


Related identifiers

CVE-2026-26974
GHSA-W7H5-55JG-CQ2F

Affected products

Node.Js
Slyde