Critical Security Vulnerability Discovered in npm Binary-Parser Library

A security vulnerability has been discovered in the npm binary-parser library, which allows arbitrary JavaScript code execution if successfully exploited. The flaw, identified as CVE-2026-1245 with a CVSS score of 6.5, affects all versions of the module prior to version 2.3.0. Patches were released on November 26, 2025. Binary-parser is a popular library used for parsing binary data in Node.js.