From 98140b9c7951d07db8dc1d23fc4c4075aa22b54a Mon Sep 17 00:00:00 2001 From: Stalin <161853795+0x5t4l1n@users.noreply.github.com> Date: Tue, 12 May 2026 18:27:45 +0530 Subject: [PATCH] Update CVE-2026-42290.md --- reported/CVE-2026-42290.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/reported/CVE-2026-42290.md b/reported/CVE-2026-42290.md index 87868d6..a577ef5 100644 --- a/reported/CVE-2026-42290.md +++ b/reported/CVE-2026-42290.md @@ -1,12 +1,17 @@ ![CVE](https://img.shields.io/badge/CVE-2026--42290-red) +# CVE-2026-42290 — protobufjs `pbts` Command Injection via Unsanitized File Paths -# protobufjs `pbts` Command Injection via Unsanitized File Paths +> CVE-2026-42290 has been officially published. ## Overview The `pbts` CLI tool in protobufjs constructed a shell command using unsanitized file paths and executed it via `child_process.exec`, allowing shell metacharacters in file names or paths to be interpreted by the shell. +**CVE ID:** CVE-2026-42290 + +**Affected Component:** protobufjs CLI (`pbts`) + **Severity:** High **Vulnerability Type:** Command Injection @@ -58,3 +63,4 @@ The protobufjs runtime APIs for encoding, decoding, parsing, and loading protobu ## Discoverer **Stalin S** ([@0x5t4l1n](https://github.com/0x5t4l1n)) +
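Review bot: the status line added near the top of the first hunk, `> CVE-2026-42290 has been officially published.`, asserts publication without a reference or a date. Link it to the published CVE record or the upstream advisory so a reader can verify the claim from the page. After this change the ID appears in the badge, the new H1, the status line and the new `**CVE ID:**` field; consider keeping the field and the heading and trimming the rest.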
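Review bot: the only change in the second hunk (`@@ -58,3 +63,4 @@`) is an empty line added after the `**Stalin S**` entry under `## Discoverer`, with no context following it, so it lands as a trailing blank line at the end of the file. It carries no content; drop it from the patch unless a further section is meant to follow.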